CVE-2024-50061Use After Free in Linux

CWE-416Use After Free62 documents7 sources
Severity
7.0HIGHNVD
OSV8.8OSV7.8OSV5.5
EPSS
0.0%
top 94.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
11
LinuxLinux KernelDebian Linux+8 more
Timeline
PublishedOct 21
Latest updateDec 16

Description

In the Linux kernel, the following vulnerability has been resolved: i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition In the cdns_i3c_master_probe function, &master->hj_work is bound with cdns_i3c_master_hj. And cdns_i3c_master_interrupt can call cnds_i3c_master_demux_ibis function to start the work. If we remove the module which will call cdns_i3c_master_remove to make cleanup, it will free master->base through i3c_master_unregister while the

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages13 packages

NVDlinux/linux_kernel6.76.11.4+1
Debianlinux/linux_kernel< 6.1.129-1+2
Ubuntulinux/linux_kernel< 5.15.0-163.173+3

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

30
OSV
linux-azure-fips vulnerabilities2025-12-16
OSV
linux-azure-5.15 vulnerabilities2025-12-16
OSV
linux-azure, linux-azure-5.4 vulnerabilities2025-12-16
OSV
linux-raspi vulnerabilities2025-12-15
OSV
linux-kvm vulnerabilities2025-12-15

📋Vendor Advisories

31
Ubuntu
Linux kernel (Azure FIPS) vulnerabilities2025-12-16
Ubuntu
Linux kernel (Azure) vulnerabilities2025-12-16
Ubuntu
Linux kernel (Azure) vulnerabilities2025-12-16
Ubuntu
Linux kernel (KVM) vulnerabilities2025-12-15
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2025-12-15
CVE-2024-50061 — Use After Free in Linux | cvebase