CVE-2024-50269
CVSS 3.1 Score 7.8 of 10 (high)
Details
Summary
CVE-2024-50269 is a vulnerability affecting the Linux kernel that involves the Musb (Universal Serial Bus) subsystem for Allwinner Sunxi chips. The issue arises due to a commit (6ed05c68cbca) in the codebase that inappropriately releases a USB PHY (Physical Layer) before the device driver is fully unregistered. As a result, the next time the driver is registered, the previously released USB PHY is accessed, leading to undefined behavior or potential security vulnerabilities. The vulnerability is mitigated by reverting the problematic commit, which eliminates the call to devm_usb_put_phy() from sunxi_musb_exit().
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Linux Kernel
Affected Vendors
- LINUX