CVE-2024-50267 in Linuxinfo

Summary

by MITRE • 11/19/2024

In the Linux kernel, the following vulnerability has been resolved:

USB: serial: io_edgeport: fix use after free in debug printk

The "dev_dbg(&urb->dev->dev, ..." which happens after usb_free_urb(urb) is a use after free of the "urb" pointer. Store the "dev" pointer at the start of the function to avoid this issue.

Be aware that VulDB is the high quality source for vulnerability data.

Analysis

by VulDB Data Team • 10/22/2025

The vulnerability identified as CVE-2024-50267 resides within the Linux kernel's USB serial driver implementation, specifically affecting the io_edgeport driver module. This flaw represents a classic use-after-free condition that occurs during USB request block cleanup operations. The issue manifests when the driver attempts to log debug information using dev_dbg() function after the USB request block (urb) has already been freed through usb_free_urb() call. This particular vulnerability falls under the category of memory safety issues and is categorized as CWE-416 according to the Common Weakness Enumeration framework, which specifically addresses use-after-free vulnerabilities. The problem is particularly concerning as it occurs within kernel space where such memory corruption can lead to system instability, privilege escalation, or potential remote code execution depending on the exploitation vector.

The technical implementation flaw occurs in the io_edgeport USB serial driver where the debug logging mechanism references a device pointer that is part of a USB request block structure that has already been freed. When usb_free_urb() is called, it releases the memory occupied by the urb structure including its embedded device pointer, but subsequent dev_dbg() calls attempt to dereference this freed memory location. This creates a scenario where the kernel's debug subsystem tries to access memory that has been deallocated, leading to undefined behavior and potential system crashes. The vulnerability specifically affects the edgeport USB serial driver which handles communication with various USB-to-serial adapters, making it relevant to a broad range of hardware devices that rely on this driver for connectivity. The root cause stems from improper resource management where the device pointer is accessed after the associated memory has been freed, violating fundamental memory safety principles.

The operational impact of this vulnerability extends beyond simple system crashes to potentially compromise system integrity and availability. When exploited, the use-after-free condition can cause kernel oops messages, system panics, or even allow attackers to manipulate kernel memory structures. In a practical scenario, this could lead to denial of service attacks against systems running affected kernel versions, where adversaries could repeatedly trigger the vulnerable code path to cause system instability. The vulnerability is particularly dangerous in embedded systems or server environments where continuous operation is critical, as the resulting system crashes could be used to disrupt services or create persistent denial of service conditions. Additionally, since this affects kernel-level USB drivers, it could potentially be leveraged in privilege escalation scenarios, though direct remote code execution is less likely without additional exploitation primitives.

The recommended mitigation strategy involves applying the official kernel patch that resolves this issue by storing the device pointer at the beginning of the function before calling usb_free_urb(). This approach ensures that the device reference remains valid throughout the function execution even after the USB request block has been freed. System administrators should immediately update to kernel versions containing the fix, typically those released after the vulnerability disclosure. The fix aligns with established security practices for memory management in kernel space, specifically addressing the improper resource handling pattern that led to the vulnerability. Organizations should also implement regular kernel update policies and consider monitoring for similar patterns in other kernel subsystems. From an ATT&CK framework perspective, this vulnerability relates to privilege escalation and denial of service tactics, as it can be exploited to disrupt system operations or potentially gain elevated privileges through kernel memory corruption. The patch implementation demonstrates proper defensive programming practices and serves as a model for similar issues in other kernel drivers that handle USB and device management operations.

Responsible

Linux

Reservation

10/21/2024

Disclosure

11/19/2024

Moderation

accepted

CPE

ready

EPSS

0.00284

KEV

no

Activities

very low

Sources

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!