CVE-2024-50051
📋 TL;DR
This CVE describes a use-after-free vulnerability in the Linux kernel's mpc52xx SPI driver. When removing the driver module, the system fails to properly cancel pending work before freeing memory, allowing attackers to potentially execute arbitrary code or crash the system. This affects Linux systems using the mpc52xx SPI controller driver.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash, or potential privilege escalation to kernel-level code execution allowing complete system compromise.
Likely Case
System instability, kernel crashes, or denial of service when the SPI driver module is removed under specific conditions.
If Mitigated
No impact if the vulnerability is patched or the affected driver is not loaded/used.
🎯 Exploit Status
Exploitation requires local access and ability to load/unload kernel modules (typically requires root or CAP_SYS_MODULE). The timing window for the use-after-free is narrow.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patches available in stable kernel trees (commits: 373d55a47dc662e5e30d12ad5d334312f757c1f1, 90b72189de2cddacb26250579da0510b29a8b82b, etc.)
Vendor Advisory: https://git.kernel.org/stable/c/373d55a47dc662e5e30d12ad5d334312f757c1f1
Restart Required: Yes
Instructions:
1. Update to a patched kernel version from your distribution vendor.
2. Reboot the system to load the new kernel.
3. Verify the mpc52xx_spi driver is not loaded if not needed.
🔧 Temporary Workarounds
Disable mpc52xx SPI driver
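Linux
Prevent loading of the vulnerable driver module. Note that rmmod runs the driver's remove path, which is where the use-after-free occurs on an unpatched kernel, so the instability described under Likely Case can appear at this step.
echo 'blacklist mpc52xx_spi' > /etc/modprobe.d/disable-mpc52xx-spi.conf
rmmod mpc52xx_spi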
🧯 If You Can't Patch
- Restrict module loading: set sysctl kernel.modules_disabled=1, which blocks all further module loading and unloading until the next reboot, or limit which users and services hold CAP_SYS_MODULE
- Monitor for unauthorized module loading/unloading activities
🔍 How to Verify
Check if Vulnerable:
Check if mpc52xx_spi module is loaded: lsmod | grep mpc52xx_spi
Check Version:
uname -r
Verify Fix Applied:
Check kernel version against patched versions from your distribution, or verify the driver can be safely removed without crashes
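The checks above can be combined into one exposure report. This is an added example, not part of the original advisory; the function names and status strings are illustrative, and the file paths are parameters that default to the live system.

```shell
#!/bin/sh
# Added example: report how exposed this host is to the mpc52xx_spi driver.
# Function names and status strings are illustrative, not from the advisory.

MOD=mpc52xx_spi

# Is the module present in a /proc/modules-format listing (what lsmod reads)?
module_loaded() {
    awk -v m="$MOD" '$1 == m { found = 1 } END { exit !found }' \
        "${1:-/proc/modules}" 2>/dev/null
}

# Does any modprobe.d *.conf file carry the blacklist line from the workaround?
# Commented-out lines are ignored. A blacklist entry only stops alias-based
# autoloading; an explicit "modprobe mpc52xx_spi" by root still loads it.
module_blacklisted() {
    grep -Eqs "^[[:space:]]*blacklist[[:space:]]+$MOD([[:space:]]|\$)" \
        "${1:-/etc/modprobe.d}"/*.conf
}

# Has kernel.modules_disabled been set to 1 (no load or unload until reboot)?
loading_locked() {
    [ "$(cat "${1:-/proc/sys/kernel/modules_disabled}" 2>/dev/null)" = "1" ]
}

# Args (all optional): modules listing, modprobe.d directory, sysctl file.
mpc52xx_exposure() {
    if module_loaded "$1"; then
        echo "loaded"
    elif loading_locked "$3"; then
        echo "not-loaded,module-loading-disabled"
    elif module_blacklisted "$2"; then
        echo "not-loaded,blacklisted"
    else
        echo "not-loaded,loadable"
    fi
}

# Report for the running system, prefixed with the kernel release to compare
# against the patched versions published by the distribution.
echo "$(uname -r): $(mpc52xx_exposure)"
```

A result of "loaded" on a kernel older than the distribution's patched release is the case to prioritise.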
📡 Detection & Monitoring
Log Indicators:
- Kernel oops messages
- System crashes during module removal
- dmesg entries showing use-after-free warnings
Network Indicators:
- None - this is a local vulnerability
SIEM Query:
Search for: 'kernel: BUG: unable to handle kernel', 'kernel: general protection fault', or module removal events in system logs
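The log indicators above can be matched against a saved kernel log (for example the output of dmesg or journalctl -k). This is an added example, not part of the original advisory; the function names are illustrative and the sample log lines are constructed, not captured from a real system.

```shell
#!/bin/sh
# Added example: match this page's log indicators in a saved kernel log.
# Function names are illustrative; the sample log below is constructed.

# Print "TAG<TAB>line" for every line hitting one of the indicators.
# "unable" is matched in either case because the capitalisation of the
# oops banner differs between architectures.
scan_kernel_log() {
    awk '
        /[Uu]nable to handle kernel/ { print "OOPS\t" $0; next }
        /general protection fault/   { print "GPF\t" $0; next }
        /[Uu]se-after-free/          { print "UAF\t" $0; next }
    ' "$1"
}

# Number of indicator hits in the log.
count_hits() {
    scan_kernel_log "$1" | wc -l | tr -d ' '
}

# Succeed only if the log has an indicator hit AND names the mpc52xx_spi
# module, which is what makes a crash worth triaging against this CVE.
mpc52xx_suspect() {
    [ "$(count_hits "$1")" -gt 0 ] && grep -q 'mpc52xx_spi' "$1"
}

# Constructed sample log (function name example_work_fn is a placeholder).
write_sample_log() {
    cat > "$1" <<'EOF'
[  412.100000] BUG: KASAN: slab-use-after-free in example_work_fn+0x1c/0x40 [mpc52xx_spi]
[  412.100100] Workqueue: events example_work_fn [mpc52xx_spi]
[  412.200000] BUG: Unable to handle kernel data access on read at 0x6b6b6b6b
[  412.200100] Modules linked in: mpc52xx_spi(-)
[  500.000000] EXT4-fs (sda1): mounted filesystem
EOF
}

sample=$(mktemp)
write_sample_log "$sample"
scan_kernel_log "$sample"
mpc52xx_suspect "$sample" && echo "ALERT: crash indicators with mpc52xx_spi present"
rm -f "$sample"
```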
🔗 References
- https://git.kernel.org/stable/c/373d55a47dc662e5e30d12ad5d334312f757c1f1
- https://git.kernel.org/stable/c/90b72189de2cddacb26250579da0510b29a8b82b
- https://git.kernel.org/stable/c/984836621aad98802d92c4a3047114cf518074c8
- https://git.kernel.org/stable/c/cd5106c77d6d6828aa82449f01f4eb436d602a21
- https://git.kernel.org/stable/c/d0cde3911cf24e1bcdd4caa1d1b9ef57589db5a1
- https://git.kernel.org/stable/c/e0c6ce8424095c2da32a063d3fc027494c689817
- https://git.kernel.org/stable/c/f65d85bc1ffd8a2c194bb2cd65e35ed3648ddd59
- https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html