CVE-2024-50055

HIGH

Linux Kernel - Use-After-Free in bus_register() Driver Core

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: driver core: bus: Fix double free in driver API bus_register() For bus_register(), any error which happens after kset_register() will cause that @priv are freed twice, fixed by setting @priv with NULL after the first free.

References (5)

Core 5

Core References

Mailing List

https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html

Mailing List

https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html

Patch

https://git.kernel.org/stable/c/d885c464c25018b81a6b58f5d548fc2e3ef87dd1

Patch

https://git.kernel.org/stable/c/9ce15f68abedfae7ae0a35e95895aeddfd0f0c6a

Patch

https://git.kernel.org/stable/c/bfa54a793ba77ef696755b66f3ac4ed00c7d1248

Scores

CVSS v3 7.8

EPSS 0.0024

EPSS Percentile 15.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-415

Status published

Products (11)

linux/Kernel 6.3.0 - 6.6.57linux

linux/Kernel 6.7.0 - 6.11.4linux

Linux/Linux < 6.3

Linux/Linux 3465e2e4a24eef9bc9f21aa29d83fd7000c1da48 - 9ce15f68abedfae7ae0a35e95895aeddfd0f0c6a

Linux/Linux 3465e2e4a24eef9bc9f21aa29d83fd7000c1da48 - bfa54a793ba77ef696755b66f3ac4ed00c7d1248

Linux/Linux 3465e2e4a24eef9bc9f21aa29d83fd7000c1da48 - d885c464c25018b81a6b58f5d548fc2e3ef87dd1

Linux/Linux 6.11.4 - 6.11.*

Linux/Linux 6.12

Linux/Linux 6.3

Linux/Linux 6.6.57 - 6.6.*

... and 1 more

Published Oct 21, 2024

Tracked Since Feb 18, 2026