CVE-2024-50269

7.8 HIGH

📋 TL;DR

This CVE describes a use-after-free vulnerability in the Linux kernel's USB MUSB driver for Sunxi platforms. When the USB PHY is accessed after being released, it can cause kernel crashes or potentially allow local privilege escalation. Systems running affected Linux kernel versions with Sunxi USB hardware are vulnerable.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific kernel versions containing commit 6ed05c68cbca up to the fix commits
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with Sunxi USB hardware (Allwinner SoCs). Requires the musb-sunxi driver to be loaded and used.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case: Kernel panic leading to system crash or local privilege escalation allowing full system compromise.

🟠 Likely Case: System instability, USB functionality disruption, or kernel crashes when USB devices are connected/disconnected.

🟢 If Mitigated: Limited impact if proper kernel hardening and privilege separation are in place, but still risk of denial of service.

🌐 Internet-Facing: LOW - This is a local kernel driver vulnerability requiring physical or local access to USB ports.
🏢 Internal Only: MEDIUM - Internal users with physical access to USB ports could potentially exploit this to crash systems or escalate privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access to trigger USB PHY operations. No public exploits known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions with fix commits: 498dbd9aea205db9da674994b74c7bf8e18448bd, 4aa77d5ea9944468e16c3eed15e858fd5de44de1, 63559ba8077cbadae1c92a65b73ea522bf377dd9, 6e2848d1c8c0139161e69ac0a94133e90e9988e8, 721ddad945596220c123eb6f7126729fe277ee4f

Vendor Advisory: https://git.kernel.org/stable/c/498dbd9aea205db9da674994b74c7bf8e18448bd

Restart Required: Yes

Instructions:

1. Update to a patched kernel version from your distribution.
2. Rebuild kernel if compiling from source with the fix commits.
3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable musb-sunxi driver

linux

Prevent loading of the vulnerable driver module

echo 'blacklist musb-sunxi' >> /etc/modprobe.d/blacklist.conf
rmmod musb-sunxi

Disable USB functionality

linux

Disable USB controller in BIOS/UEFI or kernel parameters

Add 'nousb' to kernel boot parameters in GRUB configuration

🧯 If You Can't Patch

  • Restrict physical access to USB ports on affected systems
  • Implement strict privilege separation to limit impact of potential local privilege escalation

🔍 How to Verify

Check if Vulnerable:

Check if musb-sunxi driver is loaded: lsmod | grep musb_sunxi. Check kernel version against affected range.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes fix commits. Check that USB functionality works without crashes during connect/disconnect operations.

📡 Detection & Monitoring

Log Indicators:

  • Kernel oops messages related to USB PHY
  • System crashes during USB device operations
  • dmesg errors mentioning musb-sunxi or use-after-free

Network Indicators:

  • None - this is a local driver vulnerability

SIEM Query:

Search for kernel panic logs or use-after-free errors in system logs
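One way to turn the log indicators above into a repeatable check, as an added example that is not part of the original advisory: the function below reports a crash header only when the driver or a USB PHY is named in the header or in the trace lines that follow it. The sample log, its function names and the module tag are constructed placeholders, and the keyword list is an assumption drawn from the indicators listed on this page.

```shell
# Constructed sample kernel log (function and module names are placeholders).
sample_log() {
  cat <<'EOF'
[  100.000001] usb 1-1: new high-speed USB device number 2 using musb-hdrc
[  140.000001] BUG: KASAN: slab-use-after-free in example_phy_call+0x10/0x40
[  140.000002] Read of size 8 at addr ffff000000000000 by task modprobe/321
[  140.000003] Call trace:
[  140.000004]  example_phy_call+0x10/0x40
[  140.000005]  example_glue_init+0x5c/0x120 [musb_sunxi]
[  300.000001] BUG: KASAN: slab-use-after-free in example_net_rx+0x8/0x30
[  300.000002] Call trace:
[  300.000003]  example_net_rx+0x8/0x30 [example_net]
EOF
}

# Reads kernel log text on stdin. Prints every crash header (KASAN
# use-after-free, Oops, panic) where the header itself or one of the
# WINDOW lines after it mentions the driver or a USB PHY.
# WINDOW is the optional first argument and defaults to 20.
triage_musb_uaf() {
  awk -v window="${1:-20}" '
    # Print the pending header if a driver mention was seen, then reset.
    function emit() { if (hdr != "" && hit) print hdr; hdr = ""; hit = 0 }
    # Assumed keyword list: driver name parts and "usb phy" variants.
    function names_driver(s) { return tolower(s) ~ /musb|sunxi|usb[ _-]?phy/ }
    /BUG: KASAN: .*use-after-free|Oops|Kernel panic|Unable to handle kernel/ {
      emit(); hdr = $0; left = window; hit = names_driver($0); next
    }
    hdr != "" {
      if (names_driver($0)) hit = 1
      if (--left <= 0) emit()
    }
    END { emit() }
  '
}

# On a live host the input would come from: dmesg | triage_musb_uaf
sample_log | triage_musb_uaf
```

Unrelated use-after-free reports, such as the second one in the sample, are not printed, which keeps the check usable as an alert condition rather than a generic crash filter.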
