CVE-2024-50267
CVSS 3.1 Score 7.8 of 10 (high)
Details
Published Nov 19, 2024
Updated: Dec 11, 2024
CWE ID 416
Summary
CVE-2024-50267 is a recently identified vulnerability in the Linux kernel. It affects the USB serial driver, specifically the "io_edgeport" function. The flaw is a use-after-free condition: the "urb" pointer is freed with usb_free_urb(urb) but is later dereferenced in a dev_dbg() call. To mitigate this issue, developers are advised to store the "dev" pointer at the beginning of the function instead of reaching it through the "urb" pointer, which is no longer valid after the free operation.
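The ordering problem and the fix described in the summary, as an added userspace model (not the kernel's code and not part of the original advisory). The mock_* types and functions and the callback_* names are assumptions that stand in for the kernel's urb, usb_free_urb() and dev_dbg(); the free is modelled by poisoning the structure so the stale access can be observed without undefined behaviour.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical userspace stand-ins for the kernel objects in the summary. */
struct mock_device { const char *name; };
struct mock_urb { struct mock_device *dev; int freed; };

/* Stand-in for usb_free_urb(): poisons the urb instead of returning it to
 * an allocator. In the kernel the memory may be reused, so a later read is
 * undefined rather than a tidy NULL. */
static void mock_free_urb(struct mock_urb *urb)
{
    urb->dev = NULL;
    urb->freed = 1;
}

/* Stand-in for dev_dbg(): returns the device name it would log, or NULL
 * when it is handed a pointer taken from a freed urb. */
static const char *mock_dev_dbg(struct mock_device *dev)
{
    return dev ? dev->name : NULL;
}

/* Before: the device is reached through urb after urb has been freed. */
const char *callback_before(struct mock_urb *urb)
{
    mock_free_urb(urb);
    return mock_dev_dbg(urb->dev);      /* stale access through urb */
}

/* After: the device pointer is stored at the start of the function, so
 * nothing dereferences urb once it has been freed. */
const char *callback_after(struct mock_urb *urb)
{
    struct mock_device *dev = urb->dev; /* captured while urb is valid */
    mock_free_urb(urb);
    return mock_dev_dbg(dev);
}

int main(void)
{
    struct mock_device d = { "constructed-usb-device" }; /* constructed sample */
    struct mock_urb a = { &d, 0 }, b = { &d, 0 };
    const char *before = callback_before(&a);
    printf("before: %s\n", before ? before : "(stale urb)");
    printf("after:  %s\n", callback_after(&b));
    return 0;
}
```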
Affected Products
- Linux Kernel
Affected Vendors
- LINUX