PT-2024-34096 · Linux+7 · Linux Kernel+7

Zijun Hu

·

Published

2024-11-05

·

Updated

2025-10-03

·

CVE-2024-50269

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The issue concerns accessing a released USB PHY in the Linux kernel. Specifically, it involves the sunxi musb driver and the musb driver. The problem arises when the musb driver is registered and unregistered, causing the USB PHY to be released, but then accessed again after its release. This is due to a commit that explicitly releases the USB PHY on exit. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.
Technical details about exploitation include:
  • The sunxi musb probe() function calls devm usb get phy() to get the USB PHY.
  • The musb probe() function calls sunxi musb init() which uses the PHY.
  • The musb remove() function calls sunxi musb exit() which releases the PHY using devm usb put phy().
  • When the musb driver is registered again, musb probe() is called, which attempts to use the already released PHY.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
ALT-PU-2024-16040
ALT-PU-2024-17099
ALT-PU-2024-17211
ALT-PU-2024-17254
ALT-PU-2024-17891
ALT-PU-2025-12647
AZL-53727
BDU:2025-06978
CVE-2024-50269
DLA-4008-1
DLA-4075-1
DSA-5818-1
OESA-2024-2491
OESA-2024-2492
OESA-2024-2493
OESA-2024-2494
OPENSUSE-SU-2024_4314-1
OPENSUSE-SU-2024_4315-1
OPENSUSE-SU-2024_4316-1
OPENSUSE-SU-2024_4376-1
SUSE-SU-2024:4314-1
SUSE-SU-2024:4315-1
SUSE-SU-2024:4316-1
SUSE-SU-2024:4318-1
SUSE-SU-2024:4364-1
SUSE-SU-2024:4376-1
SUSE-SU-2024:4387-1
SUSE-SU-2025:1293-1
SUSE-SU-2025:20163-1
SUSE-SU-2025:20164-1
SUSE-SU-2025:20246-1
SUSE-SU-2025:20247-1
SUSE-SU-2025_1293-1
USN-7276-1
USN-7277-1
USN-7288-1
USN-7288-2
USN-7289-1
USN-7289-2
USN-7289-3
USN-7289-4
USN-7291-1
USN-7293-1
USN-7294-1
USN-7294-2
USN-7294-3
USN-7294-4
USN-7295-1
USN-7305-1
USN-7308-1
USN-7310-1
USN-7331-1
USN-7388-1
USN-7389-1
USN-7390-1
USN-7393-1
USN-7401-1
USN-7413-1
USN-7449-1
USN-7449-2
USN-7450-1
USN-7451-1
USN-7452-1
USN-7453-1
USN-7458-1
USN-7468-1
USN-7523-1
USN-7524-1
USN-7539-1
USN-7540-1

Affected Products

Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu