What is CVE-2024-50047?

A high-severity vulnerability has been identified in the Linux kernel related to a slab-use-after-free issue during async decryption. Immediate action is required to mitigate potential risks.

What is the severity of CVE-2024-50047?

CVE-2024-50047 has a severity rating of HIGH with a CVSS base score of 7.8.

CVE-2024-50047 | High Vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in async decryption. Doing an async decryption (large read) crashes with a slab-use-after-free way down in the crypto API. This issue highlights a critical flaw that can significantly impact system stability and security.

The CVSS score for this vulnerability is 7.8, classified as high severity. The risk to organizations includes potential crashes and unauthorized access to sensitive data, making this a significant concern for users of the Linux kernel.

Organizations should prioritize patching immediately. The vulnerability can be exploited locally, which increases the urgency for remediation. The kernel's handling of asynchronous decryption is particularly vulnerable, as illustrated in the reproduction steps.

The vulnerability has been published on October 21, 2024, and it has been modified as of November 3, 2025. Immediate action is required to mitigate potential risks associated with this vulnerability.

Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in async decryption. Doing an async decryption (large read) crashes with a slab-use-after-free way down in the crypto API. This vulnerability impacts the integrity and availability of the system.

The vulnerability has a CVSS score of 7.8, indicating a high severity level. The affected product is the Linux kernel, specifically versions prior to 6.6.57 and from 6.7 to 6.11.4.

Technical Analysis

The root cause of this vulnerability is related to the use of the transformation function (TFM) in parallel during async decryption, which leads to a slab-use-after-free condition. Asynchronous operations are complicated by this flaw, which can cause instability in the crypto API.

The attack vector is local, requiring low privileges to exploit. The attack complexity is low, and no user interaction is required. The impacts on confidentiality, integrity, and availability are all high, further emphasizing the critical nature of this vulnerability.

Risk & Impact Analysis

The real-world deployment risk associated with this vulnerability is significant. If exploited, it can allow attackers to crash systems or potentially gain unauthorized access to sensitive data. The blast radius could be extensive, depending on the systems using the Linux kernel.

Organizations should assess their environments for affected versions and prioritize remediation efforts based on the CVSS score and potential impact. Given the nature of the exploitation, organizations must act swiftly to address this vulnerability.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The affected versions of the Linux kernel include all versions prior to 6.6.57 and versions from 6.7 to 6.11.4. Organizations should ensure that they are running an updated version to mitigate the risks associated with this vulnerability.

Mitigation & Remediation

Organizations should prioritize applying patches and updates provided by the Linux kernel maintainers. For specific guidance, organizations can refer to the patch details available in the Linux kernel repositories.

If an immediate patch is unavailable, organizations should consider implementing workarounds such as disabling asynchronous decryption or restricting access to affected systems until a patch can be applied.

For more information on penetration testing and vulnerability assessments, organizations should refer to penetration testing services.

Detection Guidance

Organizations should monitor logs for unusual activity related to the Linux kernel, specifically focusing on operations involving asynchronous decryption. Behavioral anomalies should be flagged, and network signatures should be updated to detect potential exploitation attempts.

AppSecure Threat Intelligence Insight

The long-term significance of this vulnerability lies in the ongoing challenges associated with the Linux kernel's handling of asynchronous operations. This incident underscores the need for continuous monitoring and proactive security assessments.

Security teams should be vigilant about similar vulnerabilities and consider adopting a vulnerability management program to proactively identify and mitigate risks.

In addition, adopting security best practices in the development and maintenance of the Linux kernel can help reduce the likelihood of similar vulnerabilities occurring in the future. Organizations are encouraged to engage in penetration testing methodology and continuous security assessments.

Finally, it is crucial for organizations to remain informed about emerging threats and vulnerabilities, as they can have significant implications for operational security.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2024-50047: High Vulnerability in Linux Kernel