PT-2024-33933 · Linux+4 · Linux Kernel+4

Published: 2024-10-17 · Updated: 2025-09-29 · CVE-2024-50100

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: A problem in the Linux kernel has been resolved, related to the dummy-hcd driver. The issue was caused by a difference between the timer_pending() and hrtimer_active() APIs, which led to "task hung" problems. timer_pending() returns true when the timer is queued but not when its callback is running, whereas hrtimer_active() returns true when the hrtimer is queued or its callback is running. This difference occasionally caused dummy_urb_enqueue() to think that the callback routine had not yet started when in fact it was almost finished. As a result, the hrtimer was not restarted, which made it impossible for the driver to later dequeue the URB that had just been enqueued. This caused usb_kill_urb() to hang.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Access of Uninitialized Pointer

Weakness Enumeration

Related Identifiers

ALSA-2025_16880
ALT-PU-2024-17211
BDU:2025-14137
CVE-2024-50100
OPENSUSE-SU-2024:14500-1
OPENSUSE-SU-2024_4314-1
OPENSUSE-SU-2024_4316-1
OPENSUSE-SU-2025:14705-1
SUSE-SU-2024:4314-1
SUSE-SU-2024:4316-1
SUSE-SU-2024:4318-1
SUSE-SU-2024:4387-1
SUSE-SU-2025:20163-1
SUSE-SU-2025:20164-1
SUSE-SU-2025:20246-1
SUSE-SU-2025:20247-1
USN-7276-1
USN-7277-1
USN-7310-1

Affected Products

Alt Linux
Linux Mint
Linux Kernel
SUSE
Ubuntu