CVE-2024-50301: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-50301 is a security vulnerability discovered in the Linux kernel's key management subsystem. The issue was identified as a slab-out-of-bounds read in the keytaskpermission function, affecting Linux kernel versions from 3.13 through 6.11.8 (NVD). The vulnerability was discovered and reported by syzbot, with a CVSS v3.1 base score of 7.1 HIGH (NVD).

The vulnerability occurs in the searchnestedkeyrings function when iterating through slots in a node. The issue arises when a slot pointer is meta and points to a shortcut in the root node. Due to KEYRINGPTRSUBTYPE being the same as ASSOCARRAYPTRSUBTYPEMASK (0x2UL), a shortcut pointer may be mistakenly treated as a keyring pointer, leading to an out-of-bounds read. The vulnerability can be triggered when more than 32 keys with similar hashes ending with '0xxxxxxxe6' pattern are added to the system (Kernel Patch).

The vulnerability allows an attacker to cause an out-of-bounds read of size 4 bytes, which could lead to information disclosure or system crashes. The CVSS score of 7.1 indicates high severity with potential for high confidentiality and availability impacts, though requiring local access and low privileges (NVD).

The vulnerability has been fixed in the Linux kernel through a patch that modifies the behavior of the searchnestedkeyrings function. The fix ensures that the code jumps to descendtonode if the pointer is a shortcut, regardless of whether the node is root or not. Users should update their systems to the latest kernel version that includes this fix (Kernel Patch).