PT-2024-10002 · Linux+6 · Linux Kernel+6
Published: 2024-11-06 · Updated: 2025-10-03 · CVE-2024-50276
CVSS v3.1: 7.8 High
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.23
Description
The issue is a double free in the mse102x_tx_frame_spi() function of the Linux kernel. It can lead to crashes and potentially allow an attacker to impact the confidentiality, integrity, and availability of protected information. The scope of the TX skb is wider than just mse102x_tx_frame_spi(): when the TX skb room needs to be expanded, the temporary skb must be freed instead of the original skb, otherwise the original TX skb pointer is freed again in mse102x_tx_work(). This can cause crashes, as indicated by the internal error message.
Recommendations
To resolve the issue, update the Linux kernel to a version that includes the fix for the double free in the mse102x_tx_frame_spi() function. As a temporary workaround, consider disabling the mse102x_tx_frame_spi() function until a patch is available. Restrict access to the vulnerable module to minimize the risk of exploitation. Avoid using the mse102x_tx_work() function in the affected kernel version until the issue is resolved.
Exploit
Fix
Double Free
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu
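The buffer-ownership rule from the Description, as an added user-space C model (not kernel code and not part of the original advisory): the caller owns the original TX buffer, so the frame function may free only its own temporary copy. The struct, the free counter and all function names here are hypothetical stand-ins; "freeing" only increments a counter so the double free can be observed safely.

```c
#include <stdio.h>

/* Constructed stand-in for an skb: buf_free() only counts, so a second
 * free of the same buffer is visible instead of corrupting the heap. */
struct buf { size_t room; int frees; };
static void buf_free(struct buf *b) { b->frees++; }

/* Pattern before the fix: when more room is needed, the frame function
 * frees the caller's buffer and continues with its expanded copy. */
static int tx_frame_before_fix(struct buf *txp, size_t need)
{
    struct buf copy = { need, 0 };
    if (txp->room < need) {
        buf_free(txp);               /* caller still holds this pointer */
        txp = &copy;
    }
    return txp->room >= need ? 0 : -1;   /* frame is sent from txp */
}

/* Pattern after the fix: the original is left alone and only the
 * temporary copy is released once the frame has been sent. */
static int tx_frame_after_fix(struct buf *txp, size_t need)
{
    struct buf copy = { need, 0 }, *tskb = NULL;
    if (txp->room < need) {
        tskb = &copy;
        txp = tskb;
    }
    int ret = txp->room >= need ? 0 : -1;
    if (tskb)
        buf_free(tskb);              /* release only the temporary */
    return ret;
}

/* Caller in the role the advisory gives mse102x_tx_work(): it owns the
 * original buffer and frees it after the frame function returns.
 * Returns how many times the original was freed (1 is correct). */
static int tx_work(int (*frame)(struct buf *, size_t), size_t room, size_t need)
{
    struct buf txb = { room, 0 };
    frame(&txb, need);
    buf_free(&txb);
    return txb.frees;
}

int main(void)
{
    printf("before fix: %d frees, after fix: %d frees\n",
           tx_work(tx_frame_before_fix, 4, 16), tx_work(tx_frame_after_fix, 4, 16));
    return 0;
}
```

The double free only appears on the path where the buffer has too little room; with enough room both variants free the original exactly once, which is why the bug can stay hidden in normal traffic.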