CVE-2024-50051

spi: mpc52xx: Add cancel_work_sync before module remove

Description

In the Linux kernel, the following vulnerability has been resolved: spi: mpc52xx: Add cancel_work_sync before module remove If we remove the module which will call mpc52xx_spi_remove it will free 'ms' through spi_unregister_controller. while the work ms->work will be used. The sequence of operations that may lead to a UAF bug. Fix it by ensuring that the work is canceled before proceeding with the cleanup in mpc52xx_spi_remove.

References

Link	Tags
https://git.kernel.org/stable/c/d0cde3911cf24e1bcdd4caa1d1b9ef57589db5a1	patch
https://git.kernel.org/stable/c/e0c6ce8424095c2da32a063d3fc027494c689817	patch
https://git.kernel.org/stable/c/cd5106c77d6d6828aa82449f01f4eb436d602a21	patch
https://git.kernel.org/stable/c/373d55a47dc662e5e30d12ad5d334312f757c1f1	patch
https://git.kernel.org/stable/c/f65d85bc1ffd8a2c194bb2cd65e35ed3648ddd59	patch
https://git.kernel.org/stable/c/90b72189de2cddacb26250579da0510b29a8b82b	patch
https://git.kernel.org/stable/c/984836621aad98802d92c4a3047114cf518074c8	patch

Frequently Asked Questions

What is the severity of CVE-2024-50051?: CVE-2024-50051 has been scored as a high severity vulnerability.
How to fix CVE-2024-50051?: To fix CVE-2024-50051, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-50051 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2024-50051 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-50051?: CVE-2024-50051 affects Linux Linux, Linux Linux.

Description

Category

CWE-416 – Use After Free

References

Frequently Asked Questions