Linux Kernel: Use after free bug in debug printk fixed in io_edgeport module

CVE-2024-50267

7.8HIGH

Key Information

Vendor: Linux
Status: Linux Kernel
Vendor: CVE Published:; 19 November 2024

Summary

In the Linux kernel, the following vulnerability has been resolved: USB: serial: io_edgeport: fix use after free in debug printk The "dev_dbg(&urb->dev->dev, ..." which happens after usb_free_urb(urb) is a use after free of the "urb" pointer. Store the "dev" pointer at the start of the function to avoid this issue.

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Nov 19, 2024

Collectors

NVD Database