CVE-2024-50266

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Nov 19, 2024
Updated: Nov 22, 2024

Summary

CVE-2024-50266: A recently identified issue in the Linux kernel affects the clk subsystem, specifically the qcom driver for the videocc-sm8350 component. This vulnerability can cause a stuck clock condition on certain devices, such as the Lenovo ThinkPad X13s, during video streaming in Firefox. The root cause is a change in the venus driver that now requires the hardware control mode to be changed at runtime. The issue can be traced to the clk_branch_wait function in clk-branch.c and can lead to system warnings and hanging CPU processes. To mitigate this vulnerability, users are advised to update the sm8350/sc8280xp GDSC definitions to enable runtime control of the hardware mode.
