[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-DEBIAN-CVE-2024-50110":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T08:53:30.047Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":16,"duplicates":19,"related":20,"reserved_at":9,"published_at":21,"modified_at":22,"state":9,"summary":23,"references_raw":25,"kevs":32,"epss":9,"epss_history":33,"metrics":34,"affected":41},"DEBIAN-CVE-2024-50110","In the Linux kernel, the following vulnerability has been resolved:  xfrm: fix one more kernel-infoleak in algo dumping  During fuzz testing, the following issue was discovered:  BUG: KMSAN: kernel-infoleak in _copy_to_iter+0x598/0x2a30  _copy_to_iter+0x598/0x2a30  __skb_datagram_iter+0x168/0x1060  skb_copy_datagram_iter+0x5b/0x220  netlink_recvmsg+0x362/0x1700  sock_recvmsg+0x2dc/0x390  __sys_recvfrom+0x381/0x6d0  __x64_sys_recvfrom+0x130/0x200  x64_sys_call+0x32c8/0x3cc0  do_syscall_64+0xd8/0x1c0  entry_SYSCALL_64_after_hwframe+0x79/0x81  Uninit was stored to memory at:  copy_to_user_state_extra+0xcc1/0x1e00  dump_one_state+0x28c/0x5f0  xfrm_state_walk+0x548/0x11e0  xfrm_dump_sa+0x1e0/0x840  netlink_dump+0x943/0x1c40  __netlink_dump_start+0x746/0xdb0  xfrm_user_rcv_msg+0x429/0xc00  netlink_rcv_skb+0x613/0x780  xfrm_netlink_rcv+0x77/0xc0  netlink_unicast+0xe90/0x1280  netlink_sendmsg+0x126d/0x1490  __sock_sendmsg+0x332/0x3d0  ____sys_sendmsg+0x863/0xc30  ___sys_sendmsg+0x285/0x3e0  __x64_sys_sendmsg+0x2d6/0x560  x64_sys_call+0x1316/0x3cc0  do_syscall_64+0xd8/0x1c0  entry_SYSCALL_64_after_hwframe+0x79/0x81  Uninit was created at:  __kmalloc+0x571/0xd30  attach_auth+0x106/0x3e0  xfrm_add_sa+0x2aa0/0x4230  xfrm_user_rcv_msg+0x832/0xc00  netlink_rcv_skb+0x613/0x780  xfrm_netlink_rcv+0x77/0xc0  netlink_unicast+0xe90/0x1280  netlink_sendmsg+0x126d/0x1490  __sock_sendmsg+0x332/0x3d0  ____sys_sendmsg+0x863/0xc30  ___sys_sendmsg+0x285/0x3e0  __x64_sys_sendmsg+0x2d6/0x560  x64_sys_call+0x1316/0x3cc0  do_syscall_64+0xd8/0x1c0  entry_SYSCALL_64_after_hwframe+0x79/0x81  Bytes 328-379 of 732 are uninitialized Memory access of size 732 starts at ffff88800e18e000 Data copied to user address 00007ff30f48aff0  CPU: 2 PID: 18167 Comm: syz-executor.0 Not tainted 6.8.11 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014  Fixes copying of xfrm algorithms where some random data of the structure fields can end up in userspace. Padding in structures may be filled with random (possibly sensitve) data and should never be given directly to user-space.  A similar issue was resolved in the commit 8222d5910dae (\"xfrm: Zero padding when dumping algos and encap\")  Found by Linux Verification Center (linuxtesting.org) with Syzkaller.",null,[],[],[],[14],{"_key":15},"CVE-2024-50110",[17],{"_key":18},"DLA-4008-1",[],[],"2024-11-05T18:15:14.370Z","2026-04-28T20:28:51.196230Z",{"cisa_kev":24,"cisa_ransomware":24,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[26],{"url":27,"sources":28,"tags":30},"https://security-tracker.debian.org/tracker/CVE-2024-50110",[29],"osv_debian",[31],"Advisory",[],[],[35],{"source":29,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":36,"cvss_v4_0":9},{"baseScore":37,"baseSeverity":9,"vectorString":38,"impactScore":39,"exploitabilityScore":40},5.5,"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",6,4.6,[42,58],{"ecosystem":43,"name":44,"vendor":45,"product":44,"cpe_part":9,"purl_type":46,"purl_namespace":45,"purl_name":44,"source":9,"versions":47},"Debian","linux","debian","deb",[48,54,57],{"version":49,"is_range":50,"range_type":51,"version_start":9,"version_start_type":9,"version_end":52,"version_end_type":53,"fixed_in":9},"lt6_1_115_1",true,"ecosystem","6.1.115-1","excluding",{"version":55,"is_range":50,"range_type":51,"version_start":9,"version_start_type":9,"version_end":56,"version_end_type":53,"fixed_in":9},"lt6_11_6_1","6.11.6-1",{"version":55,"is_range":50,"range_type":51,"version_start":9,"version_start_type":9,"version_end":56,"version_end_type":53,"fixed_in":9},{"ecosystem":43,"name":59,"vendor":45,"product":59,"cpe_part":9,"purl_type":46,"purl_namespace":45,"purl_name":59,"source":9,"versions":60},"linux-6.1",[61],{"version":62,"is_range":50,"range_type":51,"version_start":9,"version_start_type":9,"version_end":63,"version_end_type":53,"fixed_in":9},"lt6_1_119_1~deb11u1","6.1.119-1~deb11u1"]