PT-2024-33867 · Linux+6 · Linux Kernel+6
Published: 2024-10-21 · Updated: 2025-10-03
CVE-2024-50026
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions prior to 6.6.58
Description:
A regression was introduced in the Linux kernel's wd33c93 SCSI driver (scsi: wd33c93), which results in an oops in wd33c93_intr(). The issue occurs because the scsi_pointer variable is initialized from hostdata->connected, but during selection hostdata->connected is not yet valid. The fix gets the current scsi_pointer from hostdata->selecting.
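The pattern described above, as an added user-space model (not the kernel's code and not part of the original advisory). Every type and function name is an assumption apart from the `connected` and `selecting` fields, and the regressed variant returns -1 at the point where the real handler would oops.

```c
#include <stddef.h>
#include <stdio.h>
/* Simplified user-space model; every name here is an illustrative assumption. */
struct cmd_priv { int phase; };            /* per-command private data */
struct cmd { struct cmd_priv priv; };
struct hostdata {
    struct cmd *connected;  /* not yet valid while a target is being selected */
    struct cmd *selecting;  /* command being selected right now */
};
enum irq_status { IRQ_SELECT_DONE, IRQ_DATA_PHASE };

/* Regressed shape: private pointer derived once, on entry, from connected. */
int intr_regressed(struct hostdata *hd, enum irq_status st)
{
    struct cmd *cmd = hd->connected;
    struct cmd_priv *sp = cmd ? &cmd->priv : NULL;  /* invalid during selection */
    if (st == IRQ_SELECT_DONE) {
        cmd = hd->selecting;               /* cmd is refreshed, sp is not */
        hd->connected = cmd;
        hd->selecting = NULL;
    }
    if (sp == NULL)
        return -1;                         /* the real handler oopses here */
    sp->phase = (st == IRQ_SELECT_DONE) ? 1 : 2;
    return 0;
}

/* Fixed shape: the selection branch re-derives the pointer from selecting. */
int intr_fixed(struct hostdata *hd, enum irq_status st)
{
    struct cmd *cmd = hd->connected;
    struct cmd_priv *sp = cmd ? &cmd->priv : NULL;
    if (st == IRQ_SELECT_DONE) {
        cmd = hd->selecting;
        sp = cmd ? &cmd->priv : NULL;      /* the fix: use the selecting command */
        hd->connected = cmd;
        hd->selecting = NULL;
    }
    if (sp == NULL)
        return -1;                         /* no command at all: nothing to update */
    sp->phase = (st == IRQ_SELECT_DONE) ? 1 : 2;
    return 0;
}

int main(void) {
    struct cmd a = {{0}}, b = {{0}};       /* constructed sample state */
    struct hostdata bad = {NULL, &a}, good = {NULL, &b};
    printf("regressed=%d\n", intr_regressed(&bad, IRQ_SELECT_DONE));
    printf("fixed=%d\n", intr_fixed(&good, IRQ_SELECT_DONE));
    return 0;
}
```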
Recommendations:
For Linux kernel versions prior to 6.6.58, update to version 6.6.58 or later to resolve the issue. As a temporary workaround, consider disabling the affected scsi: wd33c93 module until a patch is available. Restrict access to the vulnerable wd33c93_intr() function to minimize the risk of exploitation.
Exploit
Fix
Improper Initialization
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu