CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-50206: net: ethernet: mtk_eth_soc: fix memory corruption during fq dma init

Description

In the Linux kernel, the following vulnerability has been resolved:

net: ethernet: mtk_eth_soc: fix memory corruption during fq dma init

The loop responsible for allocating up to MTK_FQ_DMA_LENGTH buffers must
only touch as many descriptors, otherwise it ends up corrupting unrelated
memory. Fix the loop iteration count accordingly.

Classification

CVE ID: CVE-2024-50206

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.03% (probability of being exploited)

EPSS Percentile: 7.21% (scored less or equal to compared to others)

EPSS Date: 2025-06-02 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2024-50206
https://git.kernel.org/stable/c/68cd084e3ec1512cd383cb3e9cf0ab7ab413724c
https://git.kernel.org/stable/c/88806efc034a9830f483963326b99930ad519af1

Timeline

2025-03-06 09:45:24 UTC
Tenable Plugins

Linux Distros Unpatched Vulnerability : CVE-2024-50206
2025-05-04 10:40:22 UTC
CVE

net: ethernet: mtk_eth_soc: fix memory corruption during fq dma init