CVE-2024-50276 in Linuxinfo

Summary

by MITRE • 11/19/2024

In the Linux kernel, the following vulnerability has been resolved:

net: vertexcom: mse102x: Fix possible double free of TX skb

The scope of the TX skb is wider than just mse102x_tx_frame_spi(), so in case the TX skb room needs to be expanded, we should free the the temporary skb instead of the original skb. Otherwise the original TX skb pointer would be freed again in mse102x_tx_work(), which leads to crashes:

Internal error: Oops: 0000000096000004 [#2] PREEMPT SMP
CPU: 0 PID: 712 Comm: kworker/0:1 Tainted: G D 6.6.23 Hardware name: chargebyte Charge SOM DC-ONE (DT) Workqueue: events mse102x_tx_work [mse102x]
pstate: 20400009 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : skb_release_data+0xb8/0x1d8 lr : skb_release_data+0x1ac/0x1d8 sp : ffff8000819a3cc0 x29: ffff8000819a3cc0 x28: ffff0000046daa60 x27: ffff0000057f2dc0 x26: ffff000005386c00 x25: 0000000000000002 x24: 00000000ffffffff x23: 0000000000000000 x22: 0000000000000001 x21: ffff0000057f2e50 x20: 0000000000000006 x19: 0000000000000000 x18: ffff00003fdacfcc x17: e69ad452d0c49def x16: 84a005feff870102 x15: 0000000000000000 x14: 000000000000024a x13: 0000000000000002 x12: 0000000000000000 x11: 0000000000000400 x10: 0000000000000930 x9 : ffff00003fd913e8 x8 : fffffc00001bc008 x7 : 0000000000000000 x6 : 0000000000000008 x5 : ffff00003fd91340 x4 : 0000000000000000 x3 : 0000000000000009 x2 : 00000000fffffffe x1 : 0000000000000000 x0 : 0000000000000000 Call trace: skb_release_data+0xb8/0x1d8 kfree_skb_reason+0x48/0xb0 mse102x_tx_work+0x164/0x35c [mse102x]
process_one_work+0x138/0x260 worker_thread+0x32c/0x438 kthread+0x118/0x11c ret_from_fork+0x10/0x20 Code: aa1303e0 97fffab6 72001c1f 54000141 (f9400660)

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 10/22/2025

The vulnerability described in CVE-2024-50276 affects the Linux kernel's network driver for the Vertexcom MSE102x device, specifically within the net vertexcom mse102x module. This issue stems from improper memory management during the transmission of network packets, where a double free condition can occur under specific circumstances. The flaw manifests when the transmission socket buffer (skb) requires expansion, leading to incorrect handling of memory pointers and subsequent system crashes.

The technical root cause of this vulnerability lies in the incorrect pointer management within the mse102x_tx_frame_spi() function. When a temporary skb is created for packet processing and later needs to be expanded, the code attempts to free the original skb pointer instead of the temporary one. This mismanagement occurs because the scope of the TX skb extends beyond the single function, creating a scenario where the same memory location gets freed twice. The vulnerability is classified under CWE-415 as an improper free of memory, which represents a classic double-free error condition. According to the ATT&CK framework, this vulnerability maps to T1059.006 for execution through kernel-level code manipulation and T1547.001 for privilege escalation potential through kernel exploits.

The operational impact of this vulnerability is severe, as it leads to kernel oops and system crashes, potentially causing denial of service conditions in networked systems. The crash trace shows the system attempting to free memory through skb_release_data, indicating that the kernel's memory management subsystem encounters corrupted data structures. This condition can be exploited to cause system instability, particularly in embedded systems or devices that rely on the MSE102x network driver for connectivity. The affected hardware platform includes the chargebyte Charge SOM DC-ONE, which suggests this vulnerability could impact a range of embedded networking solutions. The error occurs during the execution of mse102x_tx_work workqueue function, indicating that the vulnerability can be triggered through normal network transmission operations.

Mitigation strategies for this vulnerability involve applying the kernel patch that corrects the memory management logic by ensuring that only the temporary skb is freed when expansion is required. System administrators should prioritize updating the Linux kernel to a patched version that addresses this specific double-free condition. Additionally, monitoring for kernel oops messages and system crashes related to network drivers can help identify exploitation attempts. The fix aligns with standard secure coding practices by ensuring proper memory pointer management and preventing improper deallocation of memory regions. Organizations using embedded systems with Vertexcom MSE102x hardware should conduct thorough testing of kernel updates to ensure that the patch resolves the issue without introducing regressions in network functionality. This vulnerability underscores the importance of proper resource management in kernel space and highlights the critical need for rigorous code review processes in network driver development to prevent similar memory corruption issues.

Responsible

Linux

Reservation

10/21/2024

Disclosure

11/19/2024

Moderation

accepted

CPE

ready

EPSS

0.00261

KEV

no

Activities

very low

Sources

Do you need the next level of professionalism?

Upgrade your account now!