CVE-2024-50269

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Nov 19, 2024
Updated: Nov 26, 2024
CWE ID 416

Summary

CVE-2024-50269 is a vulnerability affecting the Linux kernel that involves the Musb (Universal Serial Bus) subsystem for Allwinner Sunxi chips. The issue arises due to a commit (6ed05c68cbca) in the codebase that inappropriately releases a USB PHY (Physical Layer) before the device driver is fully unregistered. As a result, the next time the driver is registered, the previously released USB PHY is accessed, leading to undefined behavior or potential security vulnerabilities. The vulnerability is mitigated by reverting the problematic commit, which eliminates the call to devm_usb_put_phy() from sunxi_musb_exit().

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share