CVE-2024-50057

Low

In the Linux kernel, the following vulnerability has been resolved: usb: typec: tipd: Free IRQ only if it was requested before In polling mode, if no IRQ was requested there is no need to free it. Call devm_free_irq() only if client->irq is set. This fixes the warning caused by the tps6598x module removal: WARNING: CPU: 2 PID: 333 at kernel/irq/devres.c:144 devm_free_irq+0x80/0x8c ... ... Call trace: devm_free_irq+0x80/0x8c tps6598x_remove+0x28/0x88 [tps6598x] i2c_device_remove+0x2c/0x9c device_remove+0x4c/0x80 device_release_driver_internal+0x1cc/0x228 driver_detach+0x50/0x98 bus_remove_driver+0x6c/0xbc driver_unregister+0x30/0x60 i2c_del_driver+0x54/0x64 tps6598x_i2c_driver_exit+0x18/0xc3c [tps6598x] __arm64_sys_delete_module+0x184/0x264 invoke_syscall+0x48/0x110 el0_svc_common.constprop.0+0xc8/0xe8 do_el0_svc+0x20/0x2c el0_svc+0x28/0x98 el0t_64_sync_handler+0x13c/0x158 el0t_64_sync+0x190/0x194

Package Linux Kernel
Published 2024-10-21
Last modified 2024-10-24
CVSS version 3.1
Patch available
Yes

CVSS 3.1 score

3.3

out of 10
Low
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
Low
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Weakness type

CWE-763

CVE-2024-50057 is a Release of Invalid Pointer or Reference vulnerability

What is Release of Invalid Pointer or Reference?

The product attempts to return a memory resource to the system but calls the wrong release function. Learn more on MITRE CWE

Affected versions

Linux kernel versions 4.15 and later are affected. Fixed in 6.6.57, 6.11.4, 6.12 and their respective stable series.

Affected from
≥ 4.15
Fixed in
✓ 6.6.57 6.6.x ✓ 6.11.4 6.11.x ✓ 6.12

References

The following references provide additional information about CVE-2024-50057 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Frequently asked questions

  • What is CVE-2024-50057?

    CVE-2024-50057 is a Low severity Linux kernel vulnerability with a CVSS score of 3.3 out of 10 , classified as a Release of Invalid Pointer or Reference flaw (CWE-763) . It affects Linux kernel versions from 4.15 onward and has been patched in 6.6.57, 6.11.4 and 6.12. CVE-2024-50057 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

  • What is the CVSS score for CVE-2024-50057?

    CVE-2024-50057 has a CVSS score of 3.3 out of 10, rated Low severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L .

  • Is there a patch available for CVE-2024-50057?

    Yes — CVE-2024-50057 has been patched. Fixed versions include 6.6.57, 6.11.4 and 6.12. If you are running Linux kernel 4.15 or later up to the fix versions, apply the relevant patch for your kernel branch.

  • Is CVE-2024-50057 actively exploited?

    No — CVE-2024-50057 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.

  • What is Release of Invalid Pointer or Reference (CWE-763)?

    The product attempts to return a memory resource to the system but calls the wrong release function. View CWE-763 on MITRE CWE →

Back to
All CVEs
View on
NVD / NIST