CVERadar

CVE-2024-50269

Medium Severity
SVRS
30/100

CVSSv3
NA/10

EPSS
0.00028/1

CVE-2024-50269 is a vulnerability in the Linux kernel's USB subsystem, specifically the musb (Mentor USB) glue driver for Allwinner sunxi platforms (drivers/usb/musb/sunxi.c). The glue obtains its USB PHY once, in its own probe routine, through the device-managed (devm) API, which releases the PHY automatically when the glue device is removed. A later commit added an explicit devm_usb_put_phy() call to the glue's exit callback, which runs every time the musb core driver is unbound. Because the musb core can be unbound and bound again without the glue being re-probed, the next bind reuses a PHY reference that has already been released, that is, a use-after-free in kernel memory. The fix reverts that commit so the PHY is released only when the glue device itself goes away. The page rates the issue Medium with an SVRS of 30/100; no CVSSv3 score has been assigned (NA) and the EPSS is 0.00028, so it does not call for emergency action, but the stable-branch fixes listed under References should be applied in the normal patch cycle. The practical impact on affected boards is a kernel crash or memory corruption when the driver is unbound and rebound, which is a privileged operation.

In The Wild
2024-11-19

SOCRadar AI Insight

Description

CVE-2024-50269 is a vulnerability in the Linux kernel's handling of the USB PHY (physical layer) resource in the musb glue driver for Allwinner sunxi SoCs. The PHY is acquired by the glue driver's probe routine under device-managed (devm) lifetime rules, but the glue's exit callback released it explicitly, so once the musb core driver is unbound and bound again the driver accesses a PHY that has already been released. This is an ordering (resource lifetime) bug rather than a race: no concurrent activity is needed to hit it. The result is a use-after-free in kernel memory that can lead to memory corruption or a crash. The page classifies it as moderate risk with an SVRS of 30.

Key Insights

  • Resource lifetime bug: The glue driver's exit callback released a device-managed PHY early, so the PHY was gone before the glue device, and any later rebind of the musb core, had finished using it. This is a use-after-free caused by the order of operations, not a race condition.
  • Memory corruption: Accessing the PHY after release touches freed kernel memory. The realistic outcome is a kernel crash; turning this into code execution or privilege escalation would require a separate attack, and no exploit is listed for this CVE.
  • System instability: An affected board can crash or hang when the musb core driver is rebound.
  • Limited exposure: No CVSSv3 score is assigned (NA), the EPSS is 0.00028 and the SVRS is 30. The trigger is unbinding and rebinding the musb core driver, for example unloading and reloading the musb_hdrc module, which requires root, and only Allwinner sunxi systems that build the musb sunxi glue are affected.
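
The following is an added example for this page, not code from the kernel or from the page's author: a user-space C model of the lifetime bug described above and in the Key Insights. It mimics the kernel's device-managed (devm) resource rules with stand-in types and helpers (struct usb_phy, struct device, struct sunxi_glue, and the simplified devm_usb_get_phy()/devm_usb_put_phy() functions are assumptions of the model, not the kernel's definitions) and runs the sequence from the fix's description: probe the glue once, then bind and unbind the musb core twice. With the early release in the exit callback, the second bind finds a released PHY; with the release removed, both binds succeed and the PHY is still released when the glue device goes away.

```c
/* Added example, not kernel code: a model of the devm lifetime bug behind CVE-2024-50269.
 * The structs and callbacks are simplified stand-ins for drivers/usb/musb/sunxi.c and the
 * kernel's devres core; "released" is a flag instead of a real free() so the use-after-release
 * is detected instead of being undefined behaviour. */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

struct usb_phy {
    const char *label;
    bool released;            /* true once the glue's reference has been dropped */
};

struct device {
    struct usb_phy *devres;   /* the single devm-managed resource this device owns */
};

struct sunxi_glue {
    struct device dev;        /* glue platform device; outlives any single musb bind */
    struct usb_phy *xceiv;    /* PHY obtained once in sunxi_musb_probe() */
};

/* devm_usb_get_phy(): the PHY is tied to dev's lifetime and released when dev is removed. */
static struct usb_phy *devm_usb_get_phy(struct device *dev, const char *label)
{
    struct usb_phy *phy = calloc(1, sizeof(*phy));
    if (!phy) abort();
    phy->label = label;
    dev->devres = phy;
    return phy;
}

/* devm_usb_put_phy(): explicit early release; also drops the devres entry. */
static void devm_usb_put_phy(struct device *dev, struct usb_phy *phy)
{
    if (dev->devres == phy) dev->devres = NULL;
    phy->released = true;
}

/* Devres teardown when the owning device goes away (sunxi_musb_remove()). */
static void devres_release_all(struct device *dev)
{
    if (dev->devres) { dev->devres->released = true; dev->devres = NULL; }
}

/* musb_probe() -> sunxi_musb_init(): every bind of the musb core uses the glue's PHY. */
static int sunxi_musb_init(struct sunxi_glue *glue)
{
    if (glue->xceiv->released) {
        fprintf(stderr, "sunxi_musb_init: PHY %s already released\n", glue->xceiv->label);
        return -1;            /* the real driver would dereference freed memory here */
    }
    return 0;
}

/* musb_remove() -> sunxi_musb_exit(). put_phy_here == true mirrors the call that
 * commit 6ed05c68cbca added and the fix for CVE-2024-50269 reverts; false is the fixed code. */
static int sunxi_musb_exit(struct sunxi_glue *glue, bool put_phy_here)
{
    if (put_phy_here) devm_usb_put_phy(&glue->dev, glue->xceiv);
    return 0;
}

struct outcome {
    int binds_ok;             /* musb binds that found a live PHY */
    bool uaf_detected;        /* a bind touched an already released PHY */
    bool phy_released_at_end; /* the PHY was released by the time the glue was removed */
};

/* Probe the glue once, bind/unbind the musb core `rebinds` times, then remove the glue. */
static struct outcome run_scenario(bool put_phy_in_exit, int rebinds)
{
    struct outcome out = {0};
    struct sunxi_glue glue = { .xceiv = NULL };

    glue.xceiv = devm_usb_get_phy(&glue.dev, "usb-phy0");     /* sunxi_musb_probe() */
    for (int i = 0; i < rebinds; i++) {
        if (sunxi_musb_init(&glue) != 0) {                    /* musb_probe() */
            out.uaf_detected = true;
            break;
        }
        out.binds_ok++;
        sunxi_musb_exit(&glue, put_phy_in_exit);              /* musb_remove() */
    }
    devres_release_all(&glue.dev);                            /* sunxi_musb_remove() */
    out.phy_released_at_end = glue.xceiv->released;
    free(glue.xceiv);
    return out;
}

struct outcome cve_2024_50269_vulnerable(void) { return run_scenario(true, 2); }
struct outcome cve_2024_50269_fixed(void) { return run_scenario(false, 2); }

int main(void)
{
    struct outcome v = cve_2024_50269_vulnerable(), f = cve_2024_50269_fixed();
    printf("vulnerable: binds_ok=%d uaf=%d\n", v.binds_ok, v.uaf_detected);
    printf("fixed:      binds_ok=%d uaf=%d released_at_end=%d\n", f.binds_ok, f.uaf_detected, f.phy_released_at_end);
    return 0;
}
```

The fixed path is worth reading for what it does not do: removing the early put does not leak the PHY, because devres still releases it when the glue device is removed. That is the property the revert relies on, and it is why the correct fix is to delete the put rather than to add a "get" on every bind.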

Mitigation Strategies

  • Update the kernel: The most effective mitigation is to install a kernel containing the fix for CVE-2024-50269. The fix reverts the commit that added the early release, so the PHY is once again freed only when the glue device itself is removed. The References section lists the stable-branch commits; use the one matching your kernel series.
  • Avoid driver rebinding on unpatched boards: The released PHY is only reached when the musb core driver is unbound and bound again (module reload, or unbind/bind through sysfs). Plugging or unplugging USB devices does not exercise this path, so disabling USB ports is not an effective mitigation.
  • System hardening: Restrict who can load modules or unbind drivers (root, or CAP_SYS_MODULE for module loading), keep kernel hardening features enabled, and patch regularly. These reduce the blast radius of any kernel memory-safety bug, including this one.
  • Confirm the fix: After updating, check that your kernel's drivers/usb/musb/sunxi.c no longer calls devm_usb_put_phy() from sunxi_musb_exit(), or that your distribution's changelog references CVE-2024-50269. On hardware that is not Allwinner sunxi, this CVE is not applicable.

Additional Information

If you have any further questions regarding this incident, please use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

USN-7393-1: Linux kernel (FIPS) vulnerabilities
2025-03-28
USN-7393-1: Linux kernel (FIPS) vulnerabilities | Chenyuan Yang discovered that the CEC driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2024-23848) Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2025-0927) Several security issues were discovered in
ubuntu.com
USN-7390-1: Linux kernel (Xilinx ZynqMP) vulnerabilities
2025-03-28
USN-7390-1: Linux kernel (Xilinx ZynqMP) vulnerabilities | Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2025-0927) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - SuperH RISC architecture; - User-Mode Linux (UML
ubuntu.com
USN-7388-1: Linux kernel vulnerabilities
2025-03-28
USN-7388-1: Linux kernel vulnerabilities | Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2025-0927) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - SuperH RISC architecture; - User-Mode Linux (UML); - x86 architecture
ubuntu.com
USN-7331-1: Linux kernel vulnerabilities
2025-03-05
USN-7331-1: Linux kernel vulnerabilities | Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2025-0927) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - x86 architecture; - Block layer subsystem; - ACPI drivers; - GPU drivers; - HID subsystem; - I2C subsystem; - IIO ADC drivers; - IIO subsystem
ubuntu.com
USN-7294-4: Linux kernel vulnerabilities
2025-03-03
USN-7294-4: Linux kernel vulnerabilities | Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Block layer subsystem; - ACPI drivers; - Drivers core; - ATA over ethernet (AOE) driver; - TPM device driver; - GPIO subsystem; - GPU drivers; - HID subsystem; - I2C subsystem; - InfiniBand drivers; - Mailbox framework; - Multiple devices driver; - Media drivers; - Network drivers; - NTB driver; - Virtio pmem driver; - Parport drivers; - PCI subsystem; - SPI subsystem; - Direct Digital Synthesis drivers; - USB Device Class drivers; - USB Dual Role (OTG-ready) Controller drivers; - USB Serial drivers; - USB Type
ubuntu.com
USN-7294-3: Linux kernel vulnerabilities
2025-02-28
USN-7294-3: Linux kernel vulnerabilities | Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Block layer subsystem; - ACPI drivers; - Drivers core; - ATA over ethernet (AOE) driver; - TPM device driver; - GPIO subsystem; - GPU drivers; - HID subsystem; - I2C subsystem; - InfiniBand drivers; - Mailbox framework; - Multiple devices driver; - Media drivers; - Network drivers; - NTB driver; - Virtio pmem driver; - Parport drivers; - PCI subsystem; - SPI subsystem; - Direct Digital Synthesis drivers; - USB Device Class drivers; - USB Dual Role (OTG-ready) Controller drivers; - USB Serial drivers; - USB Type
ubuntu.com
USN-7310-1: Linux kernel vulnerabilities
2025-02-28
USN-7310-1: Linux kernel vulnerabilities | Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2025-0927) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - ARM64 architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - SuperH RISC architecture; - User-Mode Linux (UML); - x86 architecture
ubuntu.com

Social Media

CVE-2024-50269 In the Linux kernel, the following vulnerability has been resolved: usb: musb: sunxi: Fix accessing an released usb phy Commit 6ed05c68cbca ("usb: musb: sunxi: Expl… https://t.co/PDeHmxuckI

Affected Software

No affected software found for this CVE

References

Source                                  Link
416BAAA9-DC9F-4396-8D5F-8C081FB06D67    https://git.kernel.org/stable/c/498dbd9aea205db9da674994b74c7bf8e18448bd
416BAAA9-DC9F-4396-8D5F-8C081FB06D67    https://git.kernel.org/stable/c/4aa77d5ea9944468e16c3eed15e858fd5de44de1
416BAAA9-DC9F-4396-8D5F-8C081FB06D67    https://git.kernel.org/stable/c/63559ba8077cbadae1c92a65b73ea522bf377dd9
416BAAA9-DC9F-4396-8D5F-8C081FB06D67    https://git.kernel.org/stable/c/6e2848d1c8c0139161e69ac0a94133e90e9988e8
416BAAA9-DC9F-4396-8D5F-8C081FB06D67    https://git.kernel.org/stable/c/721ddad945596220c123eb6f7126729fe277ee4f
416BAAA9-DC9F-4396-8D5F-8C081FB06D67    https://git.kernel.org/stable/c/8a30da5aa9609663b3e05bcc91a916537f66a4cd
416BAAA9-DC9F-4396-8D5F-8C081FB06D67    https://git.kernel.org/stable/c/b08baa75b989cf779cbfa0969681f8ba2dc46569
416BAAA9-DC9F-4396-8D5F-8C081FB06D67    https://git.kernel.org/stable/c/ccd811c304d2ee56189bfbc49302cb3c44361893

CWE Details

No CWE details found for this CVE
