CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-50204: fs: don't try and remove empty rbtree node

Description

In the Linux kernel, the following vulnerability has been resolved:

fs: don't try and remove empty rbtree node

When copying a namespace we won't have added the new copy into the
namespace rbtree until after the copy succeeded. Calling free_mnt_ns()
will try to remove the copy from the rbtree which is invalid. Simply
free the namespace skeleton directly.

Classification

CVE ID: CVE-2024-50204

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.03% (probability of being exploited)

EPSS Percentile: 5.58% (scored less or equal to compared to others)

EPSS Date: 2025-06-02 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2024-50204
https://git.kernel.org/stable/c/a8b155a2c30dc9a5ba837aa5fcba9a47cc031a9b
https://git.kernel.org/stable/c/229fd15908fe1f99b1de4cde3326e62d1e892611

Timeline

2025-03-06 09:45:26 UTC
Tenable Plugins

Linux Distros Unpatched Vulnerability : CVE-2024-50204
2025-05-04 10:40:22 UTC
CVE

fs: don't try and remove empty rbtree node