CVE-2024-50169
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-50169
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-50169.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-50169
- Downstream
- Related
- Published
- 2024-11-07T09:31:45.804Z
- Modified
- 2025-11-28T02:34:49.251532Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- vsock: Update rx_bytes on read_skb()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
vsock: Update rxbytes on readskb()
Make sure virtiotransportincrxpkt() and virtiotransportdecrxpkt() calls are balanced (i.e. virtiovsocksock::rxbytes doesn't lie) after vsocktransport::read_skb().
While here, also inform the peer that we've freed up space and it has more credit.
Failing to update rxbytes after packet is dequeued leads to a warning on SOCKSTREAM recv():
[ 233.396654] rxqueue is empty, but rxbytes is non-zero [ 233.396702] WARNING: CPU: 11 PID: 40601 at net/vmwvsock/virtiotransport_common.c:589
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/50xxx/CVE-2024-50169.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/3543152f2d330141d9394d28855cb90b860091d2
- https://git.kernel.org/stable/c/66cd51de31c682a311c2fa25c580b7ea45859dd9
- https://git.kernel.org/stable/c/e5ca2b98090b4bb1c393088c724af6c37812a829
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/50xxx/CVE-2024-50169.json
- https://nvd.nist.gov/vuln/detail/CVE-2024-50169