CVE-2024-50059

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-50059
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-50059.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-50059
Downstream
Related
Published
2024-10-21T19:39:49.079Z
Modified
2025-11-27T19:35:24.701525Z
Summary
ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition
Details

In the Linux kernel, the following vulnerability has been resolved:

ntb: ntbhwswitchtec: Fix use after free vulnerability in switchtecntbremove due to race condition

In the switchtecntbadd function, it can call switchtecntbinitsndev function, then &sndev->checklinkstatuswork is bound with checklinkstatuswork. switchtecntblinknotification may be called to start the work.

If we remove the module which will call switchtecntbremove to make cleanup, it will free sndev through kfree(sndev), while the work mentioned above will be used. The sequence of operations that may lead to a UAF bug is as follows:

CPU0 CPU1

                    | check_link_status_work

switchtecntbremove | kfree(sndev); | | if (sndev->linkforcedown) | // use sndev

Fix it by ensuring that the work is canceled before proceeding with the cleanup in switchtecntbremove.

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/blob/ee626f5d79d5817bb21d6f048dc0da4c4e383443/cves/2024/50xxx/CVE-2024-50059.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Fixed
5126d8f5567f49b52e21fca320eaa97977055099
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Fixed
b650189687822b705711f0567a65a164a314d8df
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Fixed
92728fceefdaa2a0a3aae675f86193b006eeaa43
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Fixed
3ae45be8492460a35b5aebf6acac1f1d32708946
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Fixed
fa840ba4bd9f3bad7f104e5b32028ee73af8b3dd
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Fixed
177925d9c8715a897bb79eca62628862213ba956
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Fixed
e51aded92d42784313ba16c12f4f88cc4f973bbb

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.4.285
Type
ECOSYSTEM
Events
Introduced
5.5.0
Fixed
5.10.227
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.168
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.113
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.57
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.11.4