PT-2024-8240 · Linux+8 · Linux Kernel+8

Jiri Slaby

+1

·

Published

2024-10-11

·

Updated

2026-05-26

·

CVE-2024-50073

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.11.0+
Description: The issue is related to a use-after-free vulnerability in the gsm cleanup mux function in the Linux kernel. This vulnerability can be exploited by an attacker to impact the confidentiality, integrity, and availability of protected information. The vulnerability occurs when gsm msg on the tx ctrl list or tx data list of gsm mux can be freed by multiple threads through ioctl, leading to a use-after-free condition. The vulnerability can be protected by using the gsm tx lock.
Recommendations: To resolve the issue, update the Linux kernel to a version that includes the fix for the gsm cleanup mux use-after-free vulnerability. As a temporary workaround, consider restricting access to the ioctl function to minimize the risk of exploitation. Additionally, ensure that the gsm tx lock is properly used to protect against the use-after-free condition.

Exploit

Fix

DoS

Use After Free

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
ALT-PU-2024-15251
ALT-PU-2024-17211
ALT-PU-2025-12647
AZL-52070
AZL-52132
BDU:2024-09793
CVE-2024-50073
DLA-4008-1
INFSA-2025_6966
OESA-2024-2370
OESA-2024-2424
OESA-2024-2425
OESA-2024-2491
OESA-2025-1078
OPENSUSE-SU-2024:14500-1
OPENSUSE-SU-2024_3984-1
OPENSUSE-SU-2024_3986-1
OPENSUSE-SU-2024_4315-1
OPENSUSE-SU-2024_4376-1
OPENSUSE-SU-2025:14705-1
OPENSUSE-SU-2025_0847-1
OPENSUSE-SU-2025_0856-1
OPENSUSE-SU-2025_0955-1
RHSA-2025:6966
RHSA-2025_6966
SUSE-SU-2024:3984-1
SUSE-SU-2024:3986-1
SUSE-SU-2024:4315-1
SUSE-SU-2024:4318-1
SUSE-SU-2024:4364-1
SUSE-SU-2024:4367-1
SUSE-SU-2024:4376-1
SUSE-SU-2024:4387-1
SUSE-SU-2025:0035-1
SUSE-SU-2025:0784-1
SUSE-SU-2025:0834-1
SUSE-SU-2025:0847-1
SUSE-SU-2025:0856-1
SUSE-SU-2025:0955-1
SUSE-SU-2025:20163-1
SUSE-SU-2025:20164-1
SUSE-SU-2025:20190-1
SUSE-SU-2025:20192-1
SUSE-SU-2025:20246-1
SUSE-SU-2025:20247-1
SUSE-SU-2025:20260-1
SUSE-SU-2025:20270-1
SUSE-SU-2025_0834-1
SUSE-SU-2025_0847-1
SUSE-SU-2025_0856-1
SUSE-SU-2025_0955-1
USN-7276-1
USN-7277-1
USN-7310-1
USN-7383-1
USN-7383-2
USN-7384-1
USN-7384-2
USN-7385-1
USN-7386-1
USN-7403-1
USN-7451-1
USN-7468-1
USN-7523-1
USN-7524-1
USN-7683-1
USN-7683-2
USN-7683-3
USN-7684-1
USN-7684-2
USN-7684-3
USN-7685-1
USN-7685-2
USN-7685-3
USN-7685-4
USN-7685-5
USN-7686-1
USN-7701-1
USN-7701-2
USN-7701-3
USN-7711-1
USN-7712-1
USN-7712-2
USN-7819-1
USN-7819-2
USN-7832-1

Affected Products

Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu