CVE-2024-50024: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-50024 affects the Linux kernel's networking subsystem, specifically related to an unsafe loop in the netlink multicast handling code. The vulnerability was discovered on October 21, 2024, and affects Linux kernel versions from 2.6.32 up to versions before 5.10.227, 5.15.168, 6.1.113, and 6.6.57 (NVD).

The vulnerability exists in the netlink socket handling code where an unsafe loop is used when deleting a genetlink family with active listeners. The issue manifests as a kernel crash with the error 'Oops: Kernel access of bad area, sig: 11' during the execution of netlinkupdatesocket_mc function. The vulnerability has a CVSS v3.1 base score of 5.5 (Medium) with vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD, Kernel Patch).

When exploited, this vulnerability can cause the Linux kernel to crash when deleting a genetlink family if there are still listeners for that family. This results in a denial of service condition affecting system availability (NVD).

The vulnerability has been fixed in the Linux kernel through a patch that changes the unsafe loop to a safe one in the netlink multicast handling code. The fix has been backported to multiple stable kernel versions. Users should update their Linux kernel to versions 5.10.227, 5.15.168, 6.1.113, 6.6.57 or later (Ubuntu Security).