CVE-2024-50055 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: driver core: bus: Fix double free in driver API bus_register() For bus_register(), any error which happens after kset_register() will cause that @priv are freed twice, fixed by setting @priv with NULL after the first free.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Linux	Linux Kernel
Redhat	Enterprise Linux

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 9
kernel-0:5.14.0-570.12.1.el9_6	cpe:/a:redhat:enterprise_linux:9	RHSA-2025:6966	2025-05-13T00:00:00Z
kernel-0:5.14.0-570.12.1.el9_6	cpe:/o:redhat:enterprise_linux:9	RHSA-2025:6966	2025-05-13T00:00:00Z

References

Link	Providers
https://git.kernel.org/stable/c/4797953712214ea57a437443bb0ad6d1e0646d70
https://git.kernel.org/stable/c/5be4bc1c73ca389a96d418a52054d897c6fe6d21
https://git.kernel.org/stable/c/87bc3cb23c56de2c5e14a58d87cf953e7a2508f8
https://git.kernel.org/stable/c/9ce15f68abedfae7ae0a35e95895aeddfd0f0c6a
https://git.kernel.org/stable/c/bfa54a793ba77ef696755b66f3ac4ed00c7d1248
https://git.kernel.org/stable/c/d885c464c25018b81a6b58f5d548fc2e3ef87dd1
https://git.kernel.org/stable/c/fc1f391a71a3ee88291e205cffd673fe24d99266
https://lore.kernel.org/linux-cve-announce/2024102134-CVE-2024-50055-7d1f@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-50055
https://www.cve.org/CVERecord?id=CVE-2024-50055

History

Wed, 14 May 2025 02:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat enterprise Linux
CPEs		cpe:/a:redhat:enterprise_linux:9 cpe:/o:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat enterprise Linux

Thu, 13 Mar 2025 12:30:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/87bc3cb23c56de2c5e14a58d87cf953e7a2508f8

Sat, 14 Dec 2024 21:00:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/4797953712214ea57a437443bb0ad6d1e0646d70 https://git.kernel.org/stable/c/5be4bc1c73ca389a96d418a52054d897c6fe6d21 https://git.kernel.org/stable/c/fc1f391a71a3ee88291e205cffd673fe24d99266

Wed, 23 Oct 2024 22:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Weaknesses		CWE-415
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
Metrics	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`	cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}`

Tue, 22 Oct 2024 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 22 Oct 2024 13:30:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2024102134-CVE-2024-50055-7d1f@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2024-50055 https://www.cve.org/CVERecord?id=CVE-2024-50055
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Mon, 21 Oct 2024 19:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: driver core: bus: Fix double free in driver API bus_register() For bus_register(), any error which happens after kset_register() will cause that @priv are freed twice, fixed by setting @priv with NULL after the first free.
Title		driver core: bus: Fix double free in driver API bus_register()
References		https://git.kernel.org/stable/c/9ce15f68abedfae7ae0a35e95895aeddfd0f0c6a https://git.kernel.org/stable/c/bfa54a793ba77ef696755b66f3ac4ed00c7d1248 https://git.kernel.org/stable/c/d885c464c25018b81a6b58f5d548fc2e3ef87dd1

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-10-21T19:39:46.476Z

Updated: 2025-05-04T09:44:50.685Z

Reserved: 2024-10-21T19:36:19.938Z

Link: CVE-2024-50055

Vulnrichment

Updated: 2024-10-22T13:23:40.396Z

NVD

Status : Modified

Published: 2024-10-21T20:15:17.770

Modified: 2025-03-13T13:15:41.767

Link: CVE-2024-50055

Redhat

Severity : Moderate

Publid Date: 2024-10-21T00:00:00Z

Links: CVE-2024-50055 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object