PT-2024-34070 · Linux+3 · Linux Kernel+3

Johan Hovold · Published 2024-09-11 · Updated 2025-10-03 · CVE-2024-50239

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.61
Description: A vulnerability in the Linux kernel has been resolved, specifically in the phy: qcom: qmp-usb-legacy driver. The issue arose from a commit that removed the initialisation of the platform device driver data, despite it still being used in the runtime PM callbacks. This bug was later reproduced when the driver was copied to create the qmp-usb-legacy driver. The vulnerability can cause a NULL-pointer dereference on runtime suspend. It is noted that runtime PM is not commonly used and needs to be enabled manually through sysfs.
Recommendations: For Linux kernel versions prior to 6.6.61, update to version 6.6.61 or later to resolve the issue. As a temporary workaround, consider disabling runtime PM through sysfs to minimize the risk of exploitation.
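
The sysfs workaround above can be scripted as follows. This is an added example, not part of the original advisory or the kernel project. It assumes the affected driver's directory under `/sys/bus/platform/drivers` contains the string `qmp-usb-legacy` and uses the standard `power/control` attribute (`auto` enables runtime PM, `on` keeps the device powered). The function names and the `SYSFS_ROOT` override are hypothetical.

```shell
#!/bin/sh
# Added example: audit and pin runtime PM for devices bound to a platform driver.
# SYSFS_ROOT can be overridden to run the logic against a constructed tree.
SYSFS_ROOT="${SYSFS_ROOT:-/sys}"

# Print the sysfs path of every device bound to a platform driver whose
# directory name contains the given pattern (assumption: "qmp-usb-legacy").
bound_devices() {
    pattern="$1"
    for drv in "$SYSFS_ROOT"/bus/platform/drivers/*; do
        [ -d "$drv" ] || continue
        case "$(basename "$drv")" in
            *"$pattern"*) ;;
            *) continue ;;
        esac
        for dev in "$drv"/*; do
            # Bound devices appear as symlinks; bind/unbind/uevent are plain files.
            [ -L "$dev" ] && [ -e "$dev/power/control" ] && echo "$dev"
        done
    done
    return 0
}

# Print "<device> <control>" per bound device; "auto" means runtime PM is
# enabled, so the runtime-suspend callback can run on that device.
audit_runtime_pm() {
    bound_devices "$1" | while read -r dev; do
        echo "$(basename "$dev") $(cat "$dev/power/control")"
    done
}

# Write "on" to power/control so the device is never runtime-suspended.
# Needs root on a real system and does not persist across reboots.
disable_runtime_pm() {
    bound_devices "$1" | while read -r dev; do
        echo on > "$dev/power/control"
    done
}
```

Source the file, run `audit_runtime_pm qmp-usb-legacy` to list any device reporting `auto`, then `disable_runtime_pm qmp-usb-legacy` as root until the kernel is updated.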

Exploit

Fix

NULL Pointer Dereference


Weakness Enumeration

Related Identifiers

ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
ALT-PU-2024-17211
ALT-PU-2024-17891
ALT-PU-2025-12647
AZL-53301
BDU:2025-07899
CVE-2024-50239
MGASA-2024-0368
MGASA-2024-0369
OESA-2024-2537
OPENSUSE-SU-2024:14500-1
OPENSUSE-SU-2025:14705-1
USN-7276-1
USN-7277-1
USN-7310-1
USN-7449-1
USN-7449-2
USN-7450-1
USN-7451-1
USN-7452-1
USN-7453-1
USN-7468-1
USN-7523-1
USN-7524-1

Affected Products

Alt Linux
Linuxmint
Linux Kernel
Ubuntu