CVE-2024-50186: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-50186 is a vulnerability in the Linux kernel's networking subsystem, specifically related to socket creation error handling. The vulnerability was discovered when a dangling socket pointer issue was identified in the kernel's network stack, similar to a previous issue that was partially addressed in an earlier commit. The affected versions include Linux kernel 5.15.162 through 5.15.168, 6.1.96 through 6.1.113, 6.6.36 through 6.6.57, and 6.9.7 through 6.10 (NVD).

The vulnerability stems from incomplete error handling in the socket creation process within the Linux kernel's networking stack. When pf->create fails during socket creation, some protocol family implementations do not properly use skcommonrelease in their error paths, leading to a potential use-after-free condition. The issue was identified with KASAN (Kernel Address Sanitizer) and has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD, Kernel Patch).

The vulnerability could potentially lead to a use-after-free condition in the Linux kernel, which could result in high impacts on confidentiality, integrity, and availability of the system. The CVSS scoring indicates that successful exploitation could lead to complete compromise of the affected system's security (NVD).

The vulnerability has been patched in the Linux kernel by explicitly clearing the sk pointer when pf->create fails. The fix involves adding additional error handling code in the _sockcreate function to ensure the socket pointer is properly nullified after a failure. System administrators should update to the latest kernel versions that include this fix (Kernel Patch).