Use After Free Affecting kernel-uek package, versions <0:5.4.17-2136.340.4.1.el7uek


Severity

Recommended
0.0
high
0
10

Based on Oracle Linux security rating.

Threat Intelligence

EPSS
0.27% (19th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-ORACLE7-KERNELUEK-8720726
  • published14 Feb 2025
  • disclosed19 Nov 2024

Introduced: 19 Nov 2024

CVE-2024-50269  (opens in a new tab)
CWE-416  (opens in a new tab)

How to fix?

Upgrade Oracle:7 kernel-uek to version 0:5.4.17-2136.340.4.1.el7uek or higher.
This issue was patched in ELSA-2025-20100.

NVD Description

Note: Versions mentioned in the description apply only to the upstream kernel-uek package and not the kernel-uek package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

In the Linux kernel, the following vulnerability has been resolved:

usb: musb: sunxi: Fix accessing an released usb phy

Commit 6ed05c68cbca ("usb: musb: sunxi: Explicitly release USB PHY on exit") will cause that usb phy @glue->xceiv is accessed after released.

  1. register platform driver @sunxi_musb_driver // get the usb phy @glue->xceiv sunxi_musb_probe() -> devm_usb_get_phy().

  2. register and unregister platform driver @musb_driver musb_probe() -> sunxi_musb_init() use the phy here //the phy is released here musb_remove() -> sunxi_musb_exit() -> devm_usb_put_phy()

  3. register @musb_driver again musb_probe() -> sunxi_musb_init() use the phy here but the phy has been released at 2). ...

Fixed by reverting the commit, namely, removing devm_usb_put_phy() from sunxi_musb_exit().

CVSS Base Scores

version 3.1