[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2024-50164":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T08:53:30.047Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":18,"aliases":19,"duplicate_of":9,"upstream":20,"downstream":21,"duplicates":58,"related":59,"reserved_at":9,"published_at":68,"modified_at":69,"state":70,"summary":71,"references_raw":80,"kevs":103,"epss":104,"epss_history":107,"metrics":372,"affected":378},"CVE-2024-50164","In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix overloading of MEM_UNINIT's meaning\n\nLonial reported an issue in the BPF verifier where check_mem_size_reg()\nhas the following code:\n\n    if (!tnum_is_const(reg->var_off))\n        /* For unprivileged variable accesses, disable raw\n         * mode so that the program is required to\n         * initialize all the memory that the helper could\n         * just partially fill up.\n         */\n         meta = NULL;\n\nThis means that writes are not checked when the register containing the\nsize of the passed buffer has not a fixed size. Through this bug, a BPF\nprogram can write to a map which is marked as read-only, for example,\n.rodata global maps.\n\nThe problem is that MEM_UNINIT's initial meaning that \"the passed buffer\nto the BPF helper does not need to be initialized\" which was added back\nin commit 435faee1aae9 (\"bpf, verifier: add ARG_PTR_TO_RAW_STACK type\")\ngot overloaded over time with \"the passed buffer is being written to\".\n\nThe problem however is that checks such as the above which were added later\nvia 06c1c049721a (\"bpf: allow helpers access to variable memory\") set meta\nto NULL in order force the user to always initialize the passed buffer to\nthe helper. Due to the current double meaning of MEM_UNINIT, this bypasses\nverifier write checks to the memory (not boundary checks though) and only\nassumes the latter memory is read instead.\n\nFix this by reverting MEM_UNINIT back to its original meaning, and having\nMEM_WRITE as an annotation to BPF helpers in order to then trigger the\nBPF verifier checks for writing to memory.\n\nSome notes: check_arg_pair_ok() ensures that for ARG_CONST_SIZE{,_OR_ZERO}\nwe can access fn->arg_type[arg - 1] since it must contain a preceding\nARG_PTR_TO_MEM. For check_mem_reg() the meta argument can be removed\naltogether since we do check both BPF_READ and BPF_WRITE. Same for the\nequivalent check_kfunc_mem_size_reg().",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":9,"likelihood_of_exploit":9,"capec":17},"NVD-CWE-NOINFO","Insufficient Information","NVD uses this CWE ID when there is insufficient information to assign a specific CWE.","placeholder","NVD-Reserved",[],[],[],[],[22,24,26,28,30,32,34,36,38,40,42,44,46,48,50,52,54,56],{"_key":23},"OPENSUSE-SU-2024:14500-1",{"_key":25},"OPENSUSE-SU-2025:14705-1",{"_key":27},"DLA-4076-1",{"_key":29},"DSA-5860-1",{"_key":31},"MGASA-2024-0368",{"_key":33},"MGASA-2024-0369",{"_key":35},"DEBIAN-CVE-2024-50164",{"_key":37},"UBUNTU-CVE-2024-50164",{"_key":39},"USN-7310-1",{"_key":41},"USN-7449-1",{"_key":43},"USN-7449-2",{"_key":45},"USN-7450-1",{"_key":47},"USN-7451-1",{"_key":49},"USN-7452-1",{"_key":51},"USN-7453-1",{"_key":53},"USN-7468-1",{"_key":55},"USN-7523-1",{"_key":57},"USN-7524-1",[],[60,62,64,65,66,67],{"_key":61},"USN-7276-1",{"_key":63},"USN-7277-1",{"_key":23},{"_key":25},{"_key":31},{"_key":33},"2024-11-07T09:31:41.012Z","2026-05-23T15:54:40.702Z","Modified",{"cisa_kev":72,"cisa_ransomware":72,"cisa_vendor":9,"epss_severity":73,"epss_score":74,"severity":75,"severity_score":76,"severity_version":77,"severity_source":78,"severity_vector":79,"severity_status":70},false,"low",0.00012,"high",7.1,"v3.1","nvd","CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",[81,86,91,95,99],{"url":82,"sources":83,"tags":85},"https://git.kernel.org/stable/c/43f4df339a4d375bedcad29a61ae6f0ee7a048f8",[84,78],"cve.org",[],{"url":87,"sources":88,"tags":89},"https://git.kernel.org/stable/c/48068ccaea957469f1adf78dfd2c1c9a7e18f0fe",[84,78],[90],"Patch",{"url":92,"sources":93,"tags":94},"https://git.kernel.org/stable/c/54bc31682660810af1bed7ca7a19f182df8d3df8",[84,78],[90],{"url":96,"sources":97,"tags":98},"https://git.kernel.org/stable/c/8ea607330a39184f51737c6ae706db7fdca7628e",[84,78],[90],{"url":100,"sources":101,"tags":102},"https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html",[84,78],[],[],{"date":105,"score":74,"percentile":106},"2026-06-03",0.01829,[108,112,115,118,121,124,127,130,133,136,139,142,145,148,151,155,158,160,163,166,169,172,175,178,181,184,187,190,193,196,199,202,205,207,210,213,216,219,222,225,228,231,234,238,241,244,247,250,253,256,259,262,265,267,270,272,275,278,281,284,286,289,292,295,298,301,303,306,309,312,315,317,320,323,326,329,332,335,337,339,342,345,348,351,354,357,360,363,366,369],{"date":109,"score":110,"percentile":111},"2025-11-04",0.00068,0.21234,{"date":113,"score":110,"percentile":114},"2025-11-05",0.21232,{"date":116,"score":110,"percentile":117},"2025-11-06",0.21237,{"date":119,"score":110,"percentile":120},"2025-11-07",0.21248,{"date":122,"score":110,"percentile":123},"2025-11-08",0.21255,{"date":125,"score":110,"percentile":126},"2025-11-09",0.21223,{"date":128,"score":110,"percentile":129},"2025-11-10",0.21163,{"date":131,"score":110,"percentile":132},"2025-11-11",0.21186,{"date":134,"score":110,"percentile":135},"2025-11-12",0.21243,{"date":137,"score":110,"percentile":138},"2025-11-13",0.21254,{"date":140,"score":110,"percentile":141},"2025-11-14",0.21244,{"date":143,"score":110,"percentile":144},"2025-11-15",0.21219,{"date":146,"score":110,"percentile":147},"2025-11-16",0.21174,{"date":149,"score":110,"percentile":150},"2025-11-17",0.21137,{"date":152,"score":153,"percentile":154},"2025-11-18",0.00088,0.21271,{"date":156,"score":153,"percentile":157},"2025-11-19",0.21281,{"date":159,"score":153,"percentile":138},"2025-11-20",{"date":161,"score":110,"percentile":162},"2025-11-21",0.21104,{"date":164,"score":110,"percentile":165},"2025-11-22",0.21095,{"date":167,"score":110,"percentile":168},"2025-11-23",0.21062,{"date":170,"score":110,"percentile":171},"2025-11-24",0.21038,{"date":173,"score":110,"percentile":174},"2025-11-25",0.21021,{"date":176,"score":110,"percentile":177},"2025-11-26",0.21009,{"date":179,"score":110,"percentile":180},"2025-11-27",0.20969,{"date":182,"score":110,"percentile":183},"2025-11-28",0.2095,{"date":185,"score":110,"percentile":186},"2025-11-29",0.20943,{"date":188,"score":110,"percentile":189},"2025-11-30",0.20937,{"date":191,"score":110,"percentile":192},"2025-12-01",0.20981,{"date":194,"score":110,"percentile":195},"2025-12-02",0.21,{"date":197,"score":110,"percentile":198},"2025-12-03",0.2101,{"date":200,"score":110,"percentile":201},"2025-12-04",0.20954,{"date":203,"score":110,"percentile":204},"2025-12-05",0.20997,{"date":206,"score":110,"percentile":195},"2025-12-06",{"date":208,"score":110,"percentile":209},"2025-12-07",0.2098,{"date":211,"score":110,"percentile":212},"2025-12-08",0.20995,{"date":214,"score":110,"percentile":215},"2025-12-09",0.21046,{"date":217,"score":110,"percentile":218},"2025-12-10",0.21122,{"date":220,"score":110,"percentile":221},"2025-12-11",0.21164,{"date":223,"score":110,"percentile":224},"2025-12-12",0.21178,{"date":226,"score":110,"percentile":227},"2025-12-13",0.2118,{"date":229,"score":110,"percentile":230},"2025-12-14",0.21148,{"date":232,"score":110,"percentile":233},"2025-12-15",0.21126,{"date":235,"score":236,"percentile":237},"2025-12-16",0.00013,0.01595,{"date":239,"score":236,"percentile":240},"2025-12-17",0.01606,{"date":242,"score":236,"percentile":243},"2025-12-18",0.01597,{"date":245,"score":236,"percentile":246},"2025-12-19",0.01602,{"date":248,"score":236,"percentile":249},"2025-12-20",0.01603,{"date":251,"score":236,"percentile":252},"2025-12-21",0.01611,{"date":254,"score":236,"percentile":255},"2025-12-22",0.01613,{"date":257,"score":236,"percentile":258},"2025-12-23",0.01612,{"date":260,"score":236,"percentile":261},"2025-12-24",0.01614,{"date":263,"score":236,"percentile":264},"2025-12-25",0.01621,{"date":266,"score":236,"percentile":264},"2025-12-26",{"date":268,"score":236,"percentile":269},"2025-12-27",0.01609,{"date":271,"score":236,"percentile":255},"2025-12-28",{"date":273,"score":236,"percentile":274},"2025-12-29",0.01605,{"date":276,"score":236,"percentile":277},"2025-12-30",0.01598,{"date":279,"score":236,"percentile":280},"2025-12-31",0.01596,{"date":282,"score":236,"percentile":283},"2026-01-01",0.01615,{"date":285,"score":236,"percentile":261},"2026-01-02",{"date":287,"score":236,"percentile":288},"2026-01-03",0.01617,{"date":290,"score":236,"percentile":291},"2026-01-04",0.01588,{"date":293,"score":236,"percentile":294},"2026-01-05",0.01594,{"date":296,"score":236,"percentile":297},"2026-01-06",0.0159,{"date":299,"score":236,"percentile":300},"2026-01-07",0.01601,{"date":302,"score":236,"percentile":283},"2026-01-08",{"date":304,"score":236,"percentile":305},"2026-01-09",0.0163,{"date":307,"score":236,"percentile":308},"2026-01-10",0.01644,{"date":310,"score":236,"percentile":311},"2026-01-11",0.01639,{"date":313,"score":236,"percentile":314},"2026-01-12",0.01622,{"date":316,"score":236,"percentile":288},"2026-01-13",{"date":318,"score":236,"percentile":319},"2026-01-14",0.01624,{"date":321,"score":236,"percentile":322},"2026-01-15",0.01633,{"date":324,"score":236,"percentile":325},"2026-01-16",0.01647,{"date":327,"score":236,"percentile":328},"2026-01-17",0.0165,{"date":330,"score":236,"percentile":331},"2026-01-18",0.0166,{"date":333,"score":236,"percentile":334},"2026-01-19",0.01648,{"date":336,"score":236,"percentile":305},"2026-01-20",{"date":338,"score":236,"percentile":314},"2026-01-21",{"date":340,"score":236,"percentile":341},"2026-01-22",0.01619,{"date":343,"score":236,"percentile":344},"2026-01-23",0.01632,{"date":346,"score":236,"percentile":347},"2026-01-24",0.01638,{"date":349,"score":236,"percentile":350},"2026-01-25",0.0164,{"date":352,"score":236,"percentile":353},"2026-01-26",0.01636,{"date":355,"score":236,"percentile":356},"2026-01-27",0.01627,{"date":358,"score":236,"percentile":359},"2026-01-28",0.01623,{"date":361,"score":236,"percentile":362},"2026-01-29",0.01637,{"date":364,"score":236,"percentile":365},"2026-01-30",0.01643,{"date":367,"score":236,"percentile":368},"2026-01-31",0.01662,{"date":370,"score":236,"percentile":371},"2026-02-01",0.0169,[373],{"source":78,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":374,"cvss_v4_0":9},{"baseScore":76,"baseSeverity":375,"vectorString":79,"impactScore":376,"exploitabilityScore":377},"HIGH",8.7,4.6,[379,425],{"ecosystem":9,"name":380,"vendor":381,"product":381,"cpe_part":382,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":383},"Linux","linux","a",[384,391,394,397,400,402,404,406,408,410,412,416,420,424],{"version":385,"is_range":386,"range_type":84,"version_start":387,"version_start_type":388,"version_end":389,"version_end_type":390,"fixed_in":9},">= 97e6d7dab1ca4648821c790a2b7913d6d5d549db, \u003C 43f4df339a4d375bedcad29a61ae6f0ee7a048f8",true,"97e6d7dab1ca4648821c790a2b7913d6d5d549db","including","43f4df339a4d375bedcad29a61ae6f0ee7a048f8","excluding",{"version":392,"is_range":386,"range_type":84,"version_start":387,"version_start_type":388,"version_end":393,"version_end_type":390,"fixed_in":9},">= 97e6d7dab1ca4648821c790a2b7913d6d5d549db, \u003C 48068ccaea957469f1adf78dfd2c1c9a7e18f0fe","48068ccaea957469f1adf78dfd2c1c9a7e18f0fe",{"version":395,"is_range":386,"range_type":84,"version_start":387,"version_start_type":388,"version_end":396,"version_end_type":390,"fixed_in":9},">= 97e6d7dab1ca4648821c790a2b7913d6d5d549db, \u003C 54bc31682660810af1bed7ca7a19f182df8d3df8","54bc31682660810af1bed7ca7a19f182df8d3df8",{"version":398,"is_range":386,"range_type":84,"version_start":387,"version_start_type":388,"version_end":399,"version_end_type":390,"fixed_in":9},">= 97e6d7dab1ca4648821c790a2b7913d6d5d549db, \u003C 8ea607330a39184f51737c6ae706db7fdca7628e","8ea607330a39184f51737c6ae706db7fdca7628e",{"version":401,"is_range":72,"range_type":84,"version_start":401,"version_start_type":388,"version_end":401,"version_end_type":388,"fixed_in":9},"6099a6c8a749a5c8d5f8b4c4342022a92072a02b",{"version":403,"is_range":72,"range_type":84,"version_start":403,"version_start_type":388,"version_end":403,"version_end_type":388,"fixed_in":9},"bfe25df63048edd4ceaf78a2fc755d5e2befc978",{"version":405,"is_range":72,"range_type":84,"version_start":405,"version_start_type":388,"version_end":405,"version_end_type":388,"fixed_in":9},"717c39718dbc4f7ebcbb7b625fb11851cd9007fe",{"version":407,"is_range":72,"range_type":84,"version_start":407,"version_start_type":388,"version_end":407,"version_end_type":388,"fixed_in":9},"5d0bba8232bf22ce13747cbfc8f696318ff01a50",{"version":409,"is_range":72,"range_type":84,"version_start":409,"version_start_type":388,"version_end":409,"version_end_type":388,"fixed_in":9},"70674d11d14eeecad90be4b409a22b902112ba32",{"version":411,"is_range":72,"range_type":84,"version_start":411,"version_start_type":388,"version_end":411,"version_end_type":388,"fixed_in":9},"a08d942ecbf46e23a192093f6983cb1d779f4fa8",{"version":413,"is_range":386,"range_type":84,"version_start":414,"version_start_type":388,"version_end":415,"version_end_type":390,"fixed_in":9},">= 5.15.45, \u003C 5.16","5.15.45","5.16",{"version":417,"is_range":386,"range_type":84,"version_start":418,"version_start_type":388,"version_end":419,"version_end_type":390,"fixed_in":9},">= 5.17.13, \u003C 5.18","5.17.13","5.18",{"version":421,"is_range":386,"range_type":84,"version_start":422,"version_start_type":388,"version_end":423,"version_end_type":390,"fixed_in":9},">= 5.18.2, \u003C 5.19","5.18.2","5.19",{"version":423,"is_range":72,"range_type":84,"version_start":423,"version_start_type":388,"version_end":423,"version_end_type":388,"fixed_in":9},{"ecosystem":9,"name":426,"vendor":381,"product":427,"cpe_part":428,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":429},"linux kernel","linux_kernel","o",[430,434,438,440,442,444],{"version":431,"is_range":386,"range_type":432,"version_start":423,"version_start_type":388,"version_end":433,"version_end_type":390,"fixed_in":9},"gte5.19_lt6.6.59","cpe","6.6.59",{"version":435,"is_range":386,"range_type":432,"version_start":436,"version_start_type":388,"version_end":437,"version_end_type":390,"fixed_in":9},"gte6.7_lt6.11.6","6.7","6.11.6",{"version":439,"is_range":72,"range_type":432,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.12:rc1",{"version":441,"is_range":72,"range_type":432,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.12:rc2",{"version":443,"is_range":72,"range_type":432,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.12:rc3",{"version":445,"is_range":72,"range_type":432,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.12:rc4"]