CVE-2024-50267

USB: serial: io_edgeport: fix use after free in debug printk

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

USB: serial: io_edgeport: fix use after free in debug printk

The "dev_dbg(&urb->dev->dev, ..." which happens after usb_free_urb(urb)
is a use after free of the "urb" pointer. Store the "dev" pointer at the
start of the function to avoid this issue.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2024-10-21 CVE Reserved
2024-11-19 CVE Published
2024-11-19 CVE Updated
2024-11-19 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (9)

URL	Tag	Source
https://git.kernel.org/stable/c/984f68683298ba53af32f909de1f9452fbb37ccb	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/e6ceb04eeb6115d872d4c4078d12f1170ed755ce	2024-11-17
https://git.kernel.org/stable/c/39709ce93f5c3f9eb535efe2afea088805d1128f	2024-11-17
https://git.kernel.org/stable/c/e567fc8f7a4460e486e52c9261b1e8b9f5dc42aa	2024-11-17
https://git.kernel.org/stable/c/44fff2c16c5aafbdb70c7183dae0a415ae74705e	2024-11-14
https://git.kernel.org/stable/c/275258c30bbda29467216e96fb655b16bcc9992b	2024-11-14
https://git.kernel.org/stable/c/13d6ff3ca76056d06a9d88300be2a293442ff595	2024-11-14
https://git.kernel.org/stable/c/314bdf446053e123f37543aa535197ee75f8aa97	2024-11-14
https://git.kernel.org/stable/c/37bb5628379295c1254c113a407cab03a0f4d0b4	2024-10-31

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.7 < 4.19.324 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.7 < 4.19.324"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.7 < 5.4.286 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.7 < 5.4.286"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.7 < 5.10.230 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.7 < 5.10.230"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.7 < 5.15.172 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.7 < 5.15.172"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.7 < 6.1.117 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.7 < 6.1.117"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.7 < 6.6.61 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.7 < 6.6.61"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.7 < 6.11.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.7 < 6.11.8"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.7 < 6.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.7 < 6.12"		en		Affected