CVE-2024-50269
- Source
- https://cve.org/CVERecord?id=CVE-2024-50269
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-50269.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-50269
- Downstream
- Related
- Published
- 2024-11-19T01:30:06.910Z
- Modified
- 2026-03-11T07:50:46.551511Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- usb: musb: sunxi: Fix accessing an released usb phy
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
usb: musb: sunxi: Fix accessing an released usb phy
Commit 6ed05c68cbca ("usb: musb: sunxi: Explicitly release USB PHY on exit") will cause that usb phy @glue->xceiv is accessed after released.
1) register platform driver @sunximusbdriver // get the usb phy @glue->xceiv sunximusbprobe() -> devmusbget_phy().
2) register and unregister platform driver @musbdriver musbprobe() -> sunximusbinit() use the phy here //the phy is released here musbremove() -> sunximusbexit() -> devmusbputphy()
3) register @musbdriver again musbprobe() -> sunximusbinit() use the phy here but the phy has been released at 2). ...
Fixed by reverting the commit, namely, removing devmusbputphy() from sunximusb_exit().
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/50xxx/CVE-2024-50269.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/498dbd9aea205db9da674994b74c7bf8e18448bd
- https://git.kernel.org/stable/c/4aa77d5ea9944468e16c3eed15e858fd5de44de1
- https://git.kernel.org/stable/c/63559ba8077cbadae1c92a65b73ea522bf377dd9
- https://git.kernel.org/stable/c/6e2848d1c8c0139161e69ac0a94133e90e9988e8
- https://git.kernel.org/stable/c/721ddad945596220c123eb6f7126729fe277ee4f
- https://git.kernel.org/stable/c/8a30da5aa9609663b3e05bcc91a916537f66a4cd
- https://git.kernel.org/stable/c/b08baa75b989cf779cbfa0969681f8ba2dc46569
- https://git.kernel.org/stable/c/ccd811c304d2ee56189bfbc49302cb3c44361893
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/50xxx/CVE-2024-50269.json
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
- https://nvd.nist.gov/vuln/detail/CVE-2024-50269
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced6ed05c68cbcae42cd52b8e53b66952bfa9c002ceFixed721ddad945596220c123eb6f7126729fe277ee4fFixed4aa77d5ea9944468e16c3eed15e858fd5de44de1Fixed6e2848d1c8c0139161e69ac0a94133e90e9988e8Fixed63559ba8077cbadae1c92a65b73ea522bf377dd9Fixedccd811c304d2ee56189bfbc49302cb3c44361893Fixed8a30da5aa9609663b3e05bcc91a916537f66a4cdFixedb08baa75b989cf779cbfa0969681f8ba2dc46569Fixed498dbd9aea205db9da674994b74c7bf8e18448bd
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected583a4219841d00e96b5de55be160aa7eb7721a4dLast affectedb4ecc15d6f5a13c0bbe2777438e87e321f83faaaLast affecteda2259ebaa933331c53904caf792b619ec42f0da5