CVE-2024-50055
📋 TL;DR
This CVE describes a double-free vulnerability in the Linux kernel's driver core bus subsystem. When bus_register() fails after kset_register(), it can free the same memory twice, potentially leading to memory corruption. This affects Linux systems with kernel versions containing the vulnerable code.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic, system crash, or potential privilege escalation if an attacker can trigger the double-free and control subsequent memory allocations.
Likely Case
System instability, kernel crashes, or denial of service when driver registration fails under specific conditions.
If Mitigated
Minimal impact with proper kernel hardening and memory corruption protections enabled.
🎯 Exploit Status
Exploitation requires precise timing and control over memory allocations. Likely requires local access and driver loading capabilities.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing fixes from git commits: 9ce15f68abedfae7ae0a35e95895aeddfd0f0c6a, bfa54a793ba77ef696755b66f3ac4ed00c7d1248, d885c464c25018b81a6b58f5d548fc2e3ef87dd1
Vendor Advisory: https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version. 2. Check distribution-specific advisories. 3. Reboot system after kernel update.
🔧 Temporary Workarounds
Restrict driver loading
linuxLimit ability to load kernel modules/drivers to trusted users only
echo 1 > /proc/sys/kernel/modules_disabled
chmod 600 /lib/modules/$(uname -r)/modules.*
Enable kernel hardening
linuxEnable kernel memory corruption protections
sysctl -w kernel.kptr_restrict=2
sysctl -w kernel.dmesg_restrict=1
🧯 If You Can't Patch
- Restrict access to driver loading capabilities to minimize attack surface
- Implement strict monitoring for kernel crashes and memory corruption events
🔍 How to Verify
Check if Vulnerable:
Check kernel version and compare with patched versions in git commits. Use: uname -r and examine kernel source for vulnerable bus_register() implementation.Check Version:
uname -rVerify Fix Applied:
Verify kernel version is updated to include the fix commits. Check /proc/version or examine kernel source for the NULL assignment after first free.📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- Double-free detection in kernel logs
- Driver registration failure logs
- System crashes related to bus subsystem
Network Indicators:
- None - local vulnerability
SIEM Query:
source="kernel" AND ("double free" OR "bus_register" OR "kernel panic")🔗 References
- https://git.kernel.org/stable/c/9ce15f68abedfae7ae0a35e95895aeddfd0f0c6a
- https://git.kernel.org/stable/c/bfa54a793ba77ef696755b66f3ac4ed00c7d1248
- https://git.kernel.org/stable/c/d885c464c25018b81a6b58f5d548fc2e3ef87dd1
- https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
