CVERadar

CVE-2024-50187

Medium Severity

SVRS

30/100

CVSSv3

NA/10

EPSS

0.00025/1

CVE-2024-50187 is a vulnerability in the Linux kernel's DRM/VC4 driver related to performance monitor management. This issue arises because the active performance monitor isn't stopped when its file descriptor is closed, leading to a stale pointer. When a new file descriptor is opened, the driver attempts to stop the monitor using this invalid pointer, potentially causing a system crash. With an SVRS of 30, the vulnerability is not considered critical, but it's still important to address as the pointer is no longer valid and associated processes are terminated. The fix involves explicitly stopping the active performance monitor before it's destroyed and freed, thus ensuring proper resource management within the kernel. Although its CVSS score is 0, it's crucial to address this security concern for system stability. While not immediately critical, failure to patch can lead to potential system instability and unexpected behavior.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence

Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.

CREATE FREE ACCOUNT

CVE Details

Access comprehensive CVE information instantly

Real-time Tracking

Subscribe to CVEs and get instant updates

Exploit Analysis

Monitor related APT groups and threats

IOC Tracking

Analyze and track CVE-related IOCs

News

USN-7403-1: Linux kernel (HWE) vulnerabilities

2025-04-02

USN-7403-1: Linux kernel (HWE) vulnerabilities | Michael Randrianantenaina discovered that the Bluetooth driver in the Linux Kernel contained an improper access control vulnerability. A nearby attacker could use this to connect a rougue device and possibly execute arbitrary code. (CVE-2024-8805) Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2025-0927) Several security issues were discovered in the Linux kernel. An

ubuntu.com

rss

forum

news

USN-7384-2: Linux kernel (Azure) vulnerabilities

2025-04-01

USN-7384-2: Linux kernel (Azure) vulnerabilities | Michael Randrianantenaina discovered that the Bluetooth driver in the Linux Kernel contained an improper access control vulnerability. A nearby attacker could use this to connect a rougue device and possibly execute arbitrary code. (CVE-2024-8805) Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2025-0927) It was discovered that the CIFS network file system implementation

ubuntu.com

rss

forum

news

USN-7383-1: Linux kernel vulnerabilities

2025-03-27

USN-7383-1: Linux kernel vulnerabilities | Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - x86 architecture; - Block layer subsystem; - Drivers core; - Ublk userspace block driver; - Compressed RAM block device driver; - CPU frequency scaling framework; - DAX dirext access to differentiated memory framework; - GPU drivers; - HID subsystem; - I3C subsystem; - IIO subsystem; - InfiniBand drivers; - IOMMU subsystem; - IRQ chip drivers; - Network drivers; - NTB driver; - Virtio pmem driver; - Parport drivers; - Pin controllers subsystem; - SCSI subsystem; - SuperH / SH-Mobile drivers; - Direct Digital Synthesis drivers; - Thermal

ubuntu.com

rss

forum

news

USN-7384-1: Linux kernel (Azure) vulnerabilities

2025-03-27

USN-7384-1: Linux kernel (Azure) vulnerabilities | Michael Randrianantenaina discovered that the Bluetooth driver in the Linux Kernel contained an improper access control vulnerability. A nearby attacker could use this to connect a rougue device and possibly execute arbitrary code. (CVE-2024-8805) Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2025-0927) It was discovered that the CIFS network file system implementation

ubuntu.com

rss

forum

news

USN-7385-1: Linux kernel (IBM) vulnerabilities

2025-03-27

USN-7385-1: Linux kernel (IBM) vulnerabilities | Michael Randrianantenaina discovered that the Bluetooth driver in the Linux Kernel contained an improper access control vulnerability. A nearby attacker could use this to connect a rougue device and possibly execute arbitrary code. (CVE-2024-8805) Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2025-0927) Several security issues were discovered in the Linux kernel. An

ubuntu.com

rss

forum

news

USN-7386-1: Linux kernel (OEM) vulnerabilities

2025-03-27

USN-7386-1: Linux kernel (OEM) vulnerabilities | Michael Randrianantenaina discovered that the Bluetooth driver in the Linux Kernel contained an improper access control vulnerability. A nearby attacker could use this to connect a rougue device and possibly execute arbitrary code. (CVE-2024-8805) Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2025-0927) Several security issues were discovered in the Linux kernel. An

ubuntu.com

rss

forum

news

USN-7383-2: Linux kernel (Real-time) vulnerabilities

2025-03-27

USN-7383-2: Linux kernel (Real-time) vulnerabilities | Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - x86 architecture; - Block layer subsystem; - Drivers core; - Ublk userspace block driver; - Compressed RAM block device driver; - CPU frequency scaling framework; - DAX dirext access to differentiated memory framework; - GPU drivers; - HID subsystem; - I3C subsystem; - IIO subsystem; - InfiniBand drivers; - IOMMU subsystem; - IRQ chip drivers; - Network drivers; - NTB driver; - Virtio pmem driver; - Parport drivers; - Pin controllers subsystem; - SCSI subsystem; - SuperH / SH-Mobile drivers; - Direct Digital Synthesis

ubuntu.com

rss

forum

news

Social Media

DailyCVE

@dailycve

2024-11-28

🔵 #Linux Kernel, Use-After-Free Vulnerability, #CVE-2024-50187 (Moderate) - Low https://t.co/7G2HniSOmE

Vulmon Vulnerability Feed

@VulmonFeeds

2024-11-08

CVE-2024-50187 Unpatched Linux Kernel Bug Allows Stale Pointer Exploit in DRM/VC4 A vulnerability in the Linux kernel has been fixed in the drm/vc4 code. The issue was that when a file descriptor was closed, the ... https://t.co/rncLOexU60

Affected Software

No affected software found for this CVE

References

Reference	Link
416BAAA9-DC9F-4396-8D5F-8C081FB06D67	https://git.kernel.org/stable/c/0b2ad4f6f2bec74a5287d96cb2325a5e11706f22
416BAAA9-DC9F-4396-8D5F-8C081FB06D67	https://git.kernel.org/stable/c/75452da51e2403e14be007df80d133e1443fc967
416BAAA9-DC9F-4396-8D5F-8C081FB06D67	https://git.kernel.org/stable/c/937943c042503dc6087438bf3557f9057a588ba0
416BAAA9-DC9F-4396-8D5F-8C081FB06D67	https://git.kernel.org/stable/c/c9adba739d5f7cdc47a7754df4a17b47b1ecf513

CWE Details

No CWE details found for this CVE

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence