USB Type-C Security Vulnerability Fix
CVE-2024-50268

7.1 HIGH

Key Information:

Vendor

Linux

Status
Vendor
CVE Published:
19 November 2024

What is CVE-2024-50268?

A vulnerability exists in the Linux kernel's USB Type-C code, where a user can potentially control the '*cmd' variable via debugfs. The 'new_cam' value taken from it can be as high as 255, while the corresponding uc->updated[] array is capped at UCSI_MAX_ALTMODES (30) elements. Using the unchecked value as an index results in out-of-bounds memory access, leading to unpredictable behavior, potential crashes, and security risks. Developers and system administrators are advised to apply the relevant patches to mitigate this vulnerability and ensure system integrity.
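A simplified user-space model of the index check that this class of bug calls for, added here as an illustration; it is not the kernel's code or the upstream patch. The `demo_` names, the struct layout and the position of `new_cam` inside the command word are assumptions; only `UCSI_MAX_ALTMODES` (30), `updated[]` and the 0-255 range come from the description above.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define UCSI_MAX_ALTMODES 30   /* size of updated[] per the advisory */
#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))
/* Assumption: new_cam is one byte of the command word; the shift is illustrative. */
#define DEMO_GET_NEW_CAM(c) ((uint8_t)(((c) >> 24) & 0xff))
#define DEMO_CANARY 0xdeadbeefcafef00dULL

struct demo_altmode { uint8_t linked_idx; bool active; };  /* hypothetical layout */

struct demo_uc {
    struct demo_altmode updated[UCSI_MAX_ALTMODES];
    uint64_t canary;           /* stands in for whatever follows the array */
};

/* Returns 0 after marking the entry, -1 if new_cam falls outside updated[]. */
int demo_set_new_cam(struct demo_uc *uc, uint64_t cmd)
{
    uint8_t new_cam = DEMO_GET_NEW_CAM(cmd);   /* 0..255, caller-controlled */

    if (new_cam >= ARRAY_SIZE(uc->updated))    /* the check the bug lacks */
        return -1;
    uc->updated[new_cam].active = true;
    return 0;
}

/* Feeds all 256 possible values through the check. Returns how many were
 * rejected, or -1 if memory next to the array was modified. */
int demo_sweep(void)
{
    struct demo_uc uc = { .canary = DEMO_CANARY };
    int rejected = 0;

    for (unsigned int v = 0; v <= 0xff; v++)
        if (demo_set_new_cam(&uc, (uint64_t)v << 24) != 0)
            rejected++;
    return uc.canary == DEMO_CANARY ? rejected : -1;
}

int main(void)
{
    printf("rejected %d of 256 new_cam values\n", demo_sweep());
    return 0;
}
```

Without the comparison against `ARRAY_SIZE(uc->updated)`, every value from 30 to 255 would index memory past the end of the array.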

Affected Version(s)

Linux 170a6726d0e266f2c8f306e3d61715c32f4ee41e

Linux 170a6726d0e266f2c8f306e3d61715c32f4ee41e < 8f47984b35f3be0cfc652c2ca358d5768ea3456b

Linux 170a6726d0e266f2c8f306e3d61715c32f4ee41e < 604314ecd682913925980dc955caea2d036eab5f

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published
