CVE-2024-50269 in Linux
Summary
by MITRE • 11/19/2024
In the Linux kernel, the following vulnerability has been resolved:
usb: musb: sunxi: Fix accessing an released usb phy
Commit 6ed05c68cbca ("usb: musb: sunxi: Explicitly release USB PHY on exit") will cause that usb phy @glue->xceiv is accessed after released.
1) register platform driver @sunxi_musb_driver // get the usb phy @glue->xceiv sunxi_musb_probe() -> devm_usb_get_phy().
2) register and unregister platform driver @musb_driver musb_probe() -> sunxi_musb_init() use the phy here //the phy is released here musb_remove() -> sunxi_musb_exit() -> devm_usb_put_phy()
3) register @musb_driver again musb_probe() -> sunxi_musb_init() use the phy here but the phy has been released at 2). ...
Fixed by reverting the commit, namely, removing devm_usb_put_phy() from sunxi_musb_exit().
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 10/22/2025
The vulnerability CVE-2024-50269 represents a critical resource management flaw in the Linux kernel's USB Multi-Role Controller (MUSB) driver implementation for Allwinner SoC platforms. This issue stems from improper handling of USB PHY (Physical Layer) resource lifecycle management during driver initialization and cleanup phases. The vulnerability manifests when the platform driver registration sequence creates a scenario where a USB PHY reference is accessed after it has been explicitly released, leading to potential system instability and resource corruption. The root cause lies in the interaction between two distinct platform drivers - the sunxi_musb_driver and the musb_driver - where the release operation in one driver's cleanup function inadvertently invalidates resources that subsequent probe operations attempt to utilize.
The technical flaw occurs within the sunxi_musb driver's resource management logic, specifically in the sunxi_musb_exit() function where devm_usb_put_phy() is called to release the USB PHY reference. This action occurs during the removal phase of the musb_driver, but subsequent registration of the same driver through musb_probe() attempts to initialize the sunxi_musb_init() function which requires access to the previously released PHY reference. The commit 6ed05c68cbca introduced this regression by explicitly adding the PHY release mechanism, assuming it would properly manage resource lifecycle. However, the interaction between the platform driver registration sequence and the device tree resource management creates a race condition where the PHY reference becomes invalid before all dependent operations complete. This pattern violates the fundamental principle of resource management where released resources must not be accessed by subsequent operations.
The operational impact of this vulnerability extends beyond simple system crashes or hangs, potentially enabling privilege escalation or denial of service conditions within embedded systems and IoT devices that rely on Allwinner SoC platforms. Attackers could exploit this vulnerability by repeatedly registering and unregistering the USB driver, causing the system to access freed memory locations and potentially corrupting the kernel's memory management structures. The vulnerability affects systems running Linux kernels with MUSB driver support for Allwinner SoC architectures, particularly impacting embedded devices, single-board computers, and industrial systems where USB connectivity is essential. This issue directly relates to CWE-415: Double Free and CWE-416: Use After Free, as the PHY reference is accessed after being freed, creating a memory safety violation that can be exploited to compromise system integrity.
Mitigation strategies for CVE-2024-50269 involve immediate kernel updates that revert the problematic commit 6ed05c68cbca, effectively removing the devm_usb_put_phy() call from sunxi_musb_exit() function. System administrators should prioritize applying the patched kernel version to all affected platforms, particularly those running embedded systems or IoT devices that utilize Allwinner SoC hardware. The fix aligns with ATT&CK technique T1068: Exploitation for Privilege Escalation by addressing the underlying resource management flaw that could enable unauthorized access to system resources. Organizations should also implement monitoring for repeated driver registration/unregistration patterns that could indicate exploitation attempts, as this vulnerability can be triggered through legitimate system operations. Additionally, the fix demonstrates proper resource management practices that align with Linux kernel development best practices, ensuring that device tree resource management and platform driver lifecycle operations maintain consistency throughout the system's operational lifetime.