CVE-2024-50267

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Nov 19, 2024
Updated: Dec 11, 2024
CWE ID 416

Summary

CVE-2024-50267 is a recently identified vulnerability in the Linux kernel. This issue affects the USB serial driver, specifically "io_edgeport". The problem is a use-after-free condition: the "urb" pointer is freed with usb_free_urb(urb) but is later used in a dev_dbg() call. To mitigate this issue, developers are advised to store the "dev" pointer at the beginning of the function instead of accessing it through the "urb" pointer, which is no longer valid after the free operation.
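The pattern described in the summary, as an added userspace model (not the kernel's code and not part of the original entry). `model_urb`, `model_dev`, `model_free_urb` and `model_dbg` are hypothetical stand-ins for the urb, its device, usb_free_urb() and dev_dbg(), and the free poisons a static slot so the stale read is observable without undefined behaviour.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical userspace stand-ins; not the kernel's types or functions. */
struct model_dev { const char *name; };
struct model_urb { struct model_dev *dev; };

static struct model_dev port = { "ttyUSB0" };        /* constructed sample device */
static struct model_dev poison = { "<freed urb>" };  /* what a stale read will see */
static struct model_urb slot;  /* static storage keeps the stale read well-defined */
static char dbg_line[64];

static struct model_urb *model_alloc_urb(struct model_dev *dev)
{
    slot.dev = dev;
    return &slot;
}

/* Models usb_free_urb(): poison the object the way a debug allocator would. */
static void model_free_urb(struct model_urb *urb)
{
    urb->dev = &poison;
}

/* Models dev_dbg(): format the line and return it so it can be inspected. */
static const char *model_dbg(const struct model_dev *dev)
{
    snprintf(dbg_line, sizeof dbg_line, "%s: write command done", dev->name);
    return dbg_line;
}

/* Before: the debug message reaches the device through the freed urb. */
const char *finish_before(struct model_urb *urb)
{
    model_free_urb(urb);
    return model_dbg(urb->dev);          /* stale access after the free */
}

/* After: dev is stored at the start, so nothing touches urb after the free. */
const char *finish_after(struct model_urb *urb)
{
    struct model_dev *dev = urb->dev;
    model_free_urb(urb);
    return model_dbg(dev);
}

int main(void)
{
    printf("before: %s\n", finish_before(model_alloc_urb(&port)));
    printf("after:  %s\n", finish_after(model_alloc_urb(&port)));
    return 0;
}
```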
