mirror of
https://github.com/0xMarcio/cve.git
synced 2025-11-28 18:48:49 +00:00
1.1 KiB
1.1 KiB
CVE-2024-50051
Description
In the Linux kernel, the following vulnerability has been resolved:spi: mpc52xx: Add cancel_work_sync before module removeIf we remove the module which will call mpc52xx_spi_removeit will free 'ms' through spi_unregister_controller.while the work ms->work will be used. The sequence of operationsthat may lead to a UAF bug.Fix it by ensuring that the work is canceled before proceeding withthe cleanup in mpc52xx_spi_remove.
POC
Reference
No PoCs from references.