CVE-2024-50150

7.8 HIGH

📋 TL;DR

This is a use-after-free vulnerability in the Linux kernel's USB Type-C alternate mode subsystem. When an altmode device is released, it references its parent device without maintaining a proper reference, potentially leading to memory corruption. This affects systems using USB Type-C alternate modes with the affected kernel versions.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Kernel versions before the fix commits (specific versions vary by distribution)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires CONFIG_TYPEC and USB Type-C alternate mode support. More likely to affect systems with USB Type-C ports.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic, system crash, or potential privilege escalation leading to full system compromise.

🟠

Likely Case

System instability, kernel crashes, or denial of service when USB Type-C alternate mode devices are connected/disconnected.

🟢

If Mitigated

Minor system instability or crashes limited to USB Type-C functionality.

🌐 Internet-Facing: LOW - This is a local kernel vulnerability requiring physical or local USB device access.
🏢 Internal Only: MEDIUM - Could be exploited by malicious USB devices or through local access to trigger system instability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires physical USB device access or ability to trigger USB Type-C alternate mode operations. The KASAN report suggests memory corruption is possible.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel commits: 1ded6b12499e6dee9b0e1ceac633be36538f6fc2, 2b0b33e8a58388fa9078f0fbe9af1900e6b08879, 2c15c4133d00f5da632fce60ed013fc31aa9aa58, 68a7c7fe322546be1464174c8d85874b8161deda, 6af43ec3bf40f8b428d9134ffa7a291aecd60da8

Vendor Advisory: https://git.kernel.org/stable/c/1ded6b12499e6dee9b0e1ceac633be36538f6fc2

Restart Required: Yes

Instructions:

1. Update to a kernel version containing the fix commits.
2. Check your distribution's security advisories for backported patches.
3. Reboot the system after the kernel update.

🔧 Temporary Workarounds

Disable USB Type-C alternate mode support (platform: linux)

Remove or disable the typec_altmode kernel module (CONFIG_TYPEC_ALTMODE) if it is not needed; run as root:

modprobe -r typec_altmode
echo 'blacklist typec_altmode' > /etc/modprobe.d/disable-typec-altmode.conf

Restrict USB device access (platform: all)

Limit physical USB port access to trusted devices only.

🧯 If You Can't Patch

  • Implement strict physical security controls for USB ports
  • Monitor system logs for KASAN errors or kernel crashes related to typec_altmode

🔍 How to Verify

Check if Vulnerable:

Check the running kernel version and whether the typec_altmode module is loaded:

uname -r
lsmod | grep typec_altmode

Check Version:

uname -r

Verify Fix Applied:

Verify that the running kernel version includes the fix commits, or check your distribution's security advisories to confirm that the patch has been backported.

📡 Detection & Monitoring

Log Indicators:

  • KASAN: slab-use-after-free in typec_altmode_release
  • kernel panic or oops messages
  • USB Type-C related errors in dmesg

SIEM Query:

source="kernel" AND ("typec_altmode_release" OR "KASAN: slab-use-after-free" OR "USB Type-C")
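As an added example (not code from this advisory or from the kernel project), the following POSIX sh helper ties the "How to Verify" and "Detection & Monitoring" steps together: it reports whether the module names given above (typec and typec_altmode) are loaded by reading /proc/modules, the same source lsmod uses, and it scans kernel log text for the three log indicators listed above. The sample log lines, addresses and offsets are constructed for the example; on a real host, feed it dmesg output instead.

```shell
#!/bin/sh
# Added example, not part of the original advisory: a small POSIX sh triage helper
# that (a) reports whether the Type-C modules named in the advisory are loaded and
# (b) scans kernel log text for the log indicators listed in the Detection section.

# The three indicators from the advisory, as one extended regex.
INDICATOR_PATTERN='typec_altmode_release|KASAN: slab-use-after-free|USB Type-C'

# Constructed sample of dmesg-style output (not a real capture); the addresses and
# offsets are placeholders.
SAMPLE_LOG='[   12.345678] usb 1-1: new high-speed USB device number 2 using xhci_hcd
[   13.000001] BUG: KASAN: slab-use-after-free in typec_altmode_release+0x1a/0x80
[   13.000002] Read of size 8 at addr ffff888100000000 by task kworker/0:1/42
[   14.500000] ucsi_acpi USBC000:00: USB Type-C connector partner changed
[   15.000000] typec port0: registered'

# module_loaded NAME: succeed (exit 0) if NAME appears in /proc/modules, the same
# source `lsmod` reads. A missing /proc/modules (non-Linux host, container) counts
# as "not loaded".
module_loaded() {
    grep -q "^$1 " /proc/modules 2>/dev/null
}

# count_indicators LOGTEXT: print how many lines of LOGTEXT match any indicator.
# `grep -c` exits 1 when the count is 0, so `|| true` keeps the function usable
# under `set -e`.
count_indicators() {
    printf '%s\n' "$1" | grep -c -E "$INDICATOR_PATTERN" || true
}

# classify_line LINE: print the most specific indicator class a single log line
# falls into, checked from strongest signal to weakest.
classify_line() {
    case "$1" in
        *"KASAN: slab-use-after-free"*"typec_altmode_release"*) echo uaf_in_altmode_release ;;
        *"KASAN: slab-use-after-free"*)                         echo kasan_uaf ;;
        *typec_altmode_release*)                                echo altmode_release ;;
        *"USB Type-C"*)                                         echo typec_generic ;;
        *)                                                      echo none ;;
    esac
}

# Top-level usage: check module state on this host, then triage the sample log.
for mod in typec typec_altmode; do
    if module_loaded "$mod"; then
        echo "module $mod: loaded"
    else
        echo "module $mod: not loaded"
    fi
done

echo "indicator lines in sample log: $(count_indicators "$SAMPLE_LOG")"
printf '%s\n' "$SAMPLE_LOG" | while IFS= read -r line; do
    cls=$(classify_line "$line")
    [ "$cls" = none ] || echo "$cls: $line"
done
```

To run it against a live host, replace SAMPLE_LOG with the output of dmesg (for instance `count_indicators "$(dmesg)"`). The classification order matters: a KASAN slab-use-after-free line that names typec_altmode_release is the signal that matches this CVE, while the broader patterns in the SIEM query above are only supporting evidence and will also fire on ordinary Type-C connector events.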
