PT-2024-8529 · Linux+4 · Linux Kernel+4

Published

2024-10-11

·

Updated

2025-10-03

·

CVE-2024-50159

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.61
Description The issue is related to a double free in the scmi debugfs common setup() function in the Linux kernel. This occurs when devm add action or reset() fails, causing scmi debugfs common cleanup() to run twice and resulting in the double free of 'dbg->name'. The Clang static checker throws a warning about an attempt to free released memory. The vulnerability may allow an attacker to impact the confidentiality, integrity, and availability of protected information.
Recommendations For Linux kernel versions prior to 6.6.61, update to version 6.6.61 or later to fix the issue. As a temporary workaround, consider disabling the scmi debugfs common setup() function until a patch is available. Restrict access to the drivers/firmware/arm scmi/driver.c module to minimize the risk of exploitation. Avoid using the dbg->name variable in the affected code until the issue is resolved.

Exploit

Fix

Double Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-415

Related Identifiers

ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
ALT-PU-2024-17211
ALT-PU-2025-12647
AZL-52980
BDU:2024-10095
CVE-2024-50159
MGASA-2024-0368
MGASA-2024-0369
OESA-2024-2537
OPENSUSE-SU-2024:14500-1
OPENSUSE-SU-2024_4314-1
OPENSUSE-SU-2024_4316-1
OPENSUSE-SU-2025:14705-1
SUSE-SU-2024:4314-1
SUSE-SU-2024:4316-1
SUSE-SU-2024:4318-1
SUSE-SU-2024:4387-1
SUSE-SU-2025:20163-1
SUSE-SU-2025:20164-1
SUSE-SU-2025:20246-1
SUSE-SU-2025:20247-1
USN-7276-1
USN-7277-1
USN-7310-1
USN-7449-1
USN-7449-2
USN-7450-1
USN-7451-1
USN-7452-1
USN-7453-1
USN-7468-1
USN-7523-1
USN-7524-1

Affected Products

Alt Linux
Linuxmint
Linux Kernel
Suse
Ubuntu