CVE-2024-50267

Summary

In the Linux kernel, the following vulnerability has been resolved:

USB: serial: io_edgeport: fix use after free in debug printk

The "dev_dbg(&urb->dev->dev, …" which happens after usb_free_urb(urb) is a use after free of the "urb" pointer. Store the "dev" pointer at the start of the function to avoid this issue.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux984f68683298ba53af32f909de1f9452fbb37ccb < e6ceb04eeb6115d872d4c4078d12f1170ed755ceaffected
LinuxLinux984f68683298ba53af32f909de1f9452fbb37ccb < 39709ce93f5c3f9eb535efe2afea088805d1128faffected
LinuxLinux984f68683298ba53af32f909de1f9452fbb37ccb < e567fc8f7a4460e486e52c9261b1e8b9f5dc42aaaffected
LinuxLinux984f68683298ba53af32f909de1f9452fbb37ccb < 44fff2c16c5aafbdb70c7183dae0a415ae74705eaffected
LinuxLinux984f68683298ba53af32f909de1f9452fbb37ccb < 275258c30bbda29467216e96fb655b16bcc9992baffected
LinuxLinux984f68683298ba53af32f909de1f9452fbb37ccb < 13d6ff3ca76056d06a9d88300be2a293442ff595affected
LinuxLinux984f68683298ba53af32f909de1f9452fbb37ccb < 314bdf446053e123f37543aa535197ee75f8aa97affected
LinuxLinux984f68683298ba53af32f909de1f9452fbb37ccb < 37bb5628379295c1254c113a407cab03a0f4d0b4affected
LinuxLinux3.7affected
LinuxLinux0 < 3.7unaffected
LinuxLinux4.19.324 <= 4.19.*unaffected
LinuxLinux5.4.286 <= 5.4.*unaffected
LinuxLinux5.10.230 <= 5.10.*unaffected
LinuxLinux5.15.172 <= 5.15.*unaffected
LinuxLinux6.1.117 <= 6.1.*unaffected
LinuxLinux6.6.61 <= 6.6.*unaffected
LinuxLinux6.11.8 <= 6.11.*unaffected
LinuxLinux6.12 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References