CVE-2024-50013: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-50013 is a memory leak vulnerability discovered in the Linux kernel's exFAT filesystem implementation. The vulnerability was identified in the exfatloadbitmap() function, where if the first directory entry in the root directory is not a bitmap directory entry, a buffer head ('bh') will not be properly released and reassigned. The issue was discovered on September 3, 2024, and publicly disclosed on October 21, 2024. This vulnerability affects Linux kernel versions from 5.7 through 6.11.3 (NVD).

The vulnerability is classified as a Missing Release of Memory after Effective Lifetime (CWE-401) issue. The CVSS v3.1 base score is 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. The technical root cause lies in the improper handling of buffer head resources in the exfatloadbitmap() function within the filesystem's allocation bitmap loading process (NVD).

The vulnerability results in a memory leak in the Linux kernel when handling exFAT filesystems. While this does not lead to information disclosure or system compromise, it can cause gradual system resource depletion, potentially affecting system stability and performance over time (NVD).

The vulnerability has been patched in multiple Linux kernel versions. Fixed versions include 5.10.234-1 for Debian Bullseye, 6.1.128-1 for Bookworm, and 6.12.17-1 for Sid/Trixie. Ubuntu has also released fixes for various kernel versions including 6.11.0-18.18 for 24.10, 6.8.0-54.56 for 24.04 LTS, and 5.15.0-127.137 for 22.04 LTS (Debian, Ubuntu).