CVE-2024-50051

Summary

In the Linux kernel, the following vulnerability has been resolved:

spi: mpc52xx: Add cancel_work_sync before module remove

If we remove the module which will call mpc52xx_spi_remove it will free 'ms' through spi_unregister_controller. while the work ms->work will be used. The sequence of operations that may lead to a UAF bug.

Fix it by ensuring that the work is canceled before proceeding with the cleanup in mpc52xx_spi_remove.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxca632f556697d45d67ed5cada7cedf3ddfe0db4b < d0cde3911cf24e1bcdd4caa1d1b9ef57589db5a1affected
LinuxLinuxca632f556697d45d67ed5cada7cedf3ddfe0db4b < e0c6ce8424095c2da32a063d3fc027494c689817affected
LinuxLinuxca632f556697d45d67ed5cada7cedf3ddfe0db4b < cd5106c77d6d6828aa82449f01f4eb436d602a21affected
LinuxLinuxca632f556697d45d67ed5cada7cedf3ddfe0db4b < 373d55a47dc662e5e30d12ad5d334312f757c1f1affected
LinuxLinuxca632f556697d45d67ed5cada7cedf3ddfe0db4b < f65d85bc1ffd8a2c194bb2cd65e35ed3648ddd59affected
LinuxLinuxca632f556697d45d67ed5cada7cedf3ddfe0db4b < 90b72189de2cddacb26250579da0510b29a8b82baffected
LinuxLinuxca632f556697d45d67ed5cada7cedf3ddfe0db4b < 984836621aad98802d92c4a3047114cf518074c8affected
LinuxLinux3.1affected
LinuxLinux0 < 3.1unaffected
LinuxLinux5.4.287 <= 5.4.*unaffected
LinuxLinux5.10.231 <= 5.10.*unaffected
LinuxLinux5.15.174 <= 5.15.*unaffected
LinuxLinux6.1.120 <= 6.1.*unaffected
LinuxLinux6.6.66 <= 6.6.*unaffected
LinuxLinux6.12.5 <= 6.12.*unaffected
LinuxLinux6.13 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References