{"id":"CVE-2024-50150","summary":"usb: typec: altmode should keep reference to parent","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: altmode should keep reference to parent\n\nThe altmode device release refers to its parent device, but without keeping\na reference to it.\n\nWhen registering the altmode, get a reference to the parent and put it in\nthe release function.\n\nBefore this fix, when using CONFIG_DEBUG_KOBJECT_RELEASE, we see issues\nlike this:\n\n[   43.572860] kobject: 'port0.0' (ffff8880057ba008): kobject_release, parent 0000000000000000 (delayed 3000)\n[   43.573532] kobject: 'port0.1' (ffff8880057bd008): kobject_release, parent 0000000000000000 (delayed 1000)\n[   43.574407] kobject: 'port0' (ffff8880057b9008): kobject_release, parent 0000000000000000 (delayed 3000)\n[   43.575059] kobject: 'port1.0' (ffff8880057ca008): kobject_release, parent 0000000000000000 (delayed 4000)\n[   43.575908] kobject: 'port1.1' (ffff8880057c9008): kobject_release, parent 0000000000000000 (delayed 4000)\n[   43.576908] kobject: 'typec' (ffff8880062dbc00): kobject_release, parent 0000000000000000 (delayed 4000)\n[   43.577769] kobject: 'port1' (ffff8880057bf008): kobject_release, parent 0000000000000000 (delayed 3000)\n[   46.612867] ==================================================================\n[   46.613402] BUG: KASAN: slab-use-after-free in typec_altmode_release+0x38/0x129\n[   46.614003] Read of size 8 at addr ffff8880057b9118 by task kworker/2:1/48\n[   46.614538]\n[   46.614668] CPU: 2 UID: 0 PID: 48 Comm: kworker/2:1 Not tainted 6.12.0-rc1-00138-gedbae730ad31 #535\n[   46.615391] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\n[   46.616042] Workqueue: events kobject_delayed_cleanup\n[   46.616446] Call Trace:\n[   46.616648]  \u003cTASK\u003e\n[   46.616820]  dump_stack_lvl+0x5b/0x7c\n[   46.617112]  ? typec_altmode_release+0x38/0x129\n[   46.617470]  print_report+0x14c/0x49e\n[   46.617769]  ? rcu_read_unlock_sched+0x56/0x69\n[   46.618117]  ? __virt_addr_valid+0x19a/0x1ab\n[   46.618456]  ? kmem_cache_debug_flags+0xc/0x1d\n[   46.618807]  ? typec_altmode_release+0x38/0x129\n[   46.619161]  kasan_report+0x8d/0xb4\n[   46.619447]  ? typec_altmode_release+0x38/0x129\n[   46.619809]  ? process_scheduled_works+0x3cb/0x85f\n[   46.620185]  typec_altmode_release+0x38/0x129\n[   46.620537]  ? process_scheduled_works+0x3cb/0x85f\n[   46.620907]  device_release+0xaf/0xf2\n[   46.621206]  kobject_delayed_cleanup+0x13b/0x17a\n[   46.621584]  process_scheduled_works+0x4f6/0x85f\n[   46.621955]  ? __pfx_process_scheduled_works+0x10/0x10\n[   46.622353]  ? hlock_class+0x31/0x9a\n[   46.622647]  ? lock_acquired+0x361/0x3c3\n[   46.622956]  ? move_linked_works+0x46/0x7d\n[   46.623277]  worker_thread+0x1ce/0x291\n[   46.623582]  ? __kthread_parkme+0xc8/0xdf\n[   46.623900]  ? __pfx_worker_thread+0x10/0x10\n[   46.624236]  kthread+0x17e/0x190\n[   46.624501]  ? kthread+0xfb/0x190\n[   46.624756]  ? __pfx_kthread+0x10/0x10\n[   46.625015]  ret_from_fork+0x20/0x40\n[   46.625268]  ? __pfx_kthread+0x10/0x10\n[   46.625532]  ret_from_fork_asm+0x1a/0x30\n[   46.625805]  \u003c/TASK\u003e\n[   46.625953]\n[   46.626056] Allocated by task 678:\n[   46.626287]  kasan_save_stack+0x24/0x44\n[   46.626555]  kasan_save_track+0x14/0x2d\n[   46.626811]  __kasan_kmalloc+0x3f/0x4d\n[   46.627049]  __kmalloc_noprof+0x1bf/0x1f0\n[   46.627362]  typec_register_port+0x23/0x491\n[   46.627698]  cros_typec_probe+0x634/0xbb6\n[   46.628026]  platform_probe+0x47/0x8c\n[   46.628311]  really_probe+0x20a/0x47d\n[   46.628605]  device_driver_attach+0x39/0x72\n[   46.628940]  bind_store+0x87/0xd7\n[   46.629213]  kernfs_fop_write_iter+0x1aa/0x218\n[   46.629574]  vfs_write+0x1d6/0x29b\n[   46.629856]  ksys_write+0xcd/0x13b\n[   46.630128]  do_syscall_64+0xd4/0x139\n[   46.630420]  entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[   46.630820]\n[   46.630946] Freed by task 48:\n[   46.631182]  kasan_save_stack+0x24/0x44\n[   46.631493]  kasan_save_track+0x14/0x2d\n[   46.631799]  kasan_save_free_info+0x3f/0x4d\n[   46.632144]  __kasan_slab_free+0x37/0x45\n[   46.632474]\n---truncated---","modified":"2026-04-02T12:21:18.370397Z","published":"2024-11-07T09:31:26.782Z","related":["MGASA-2024-0368","MGASA-2024-0369","SUSE-SU-2024:4314-1","SUSE-SU-2024:4315-1","SUSE-SU-2024:4316-1","SUSE-SU-2024:4318-1","SUSE-SU-2024:4364-1","SUSE-SU-2024:4367-1","SUSE-SU-2024:4376-1","SUSE-SU-2024:4387-1","SUSE-SU-2025:0035-1","SUSE-SU-2025:20163-1","SUSE-SU-2025:20164-1","SUSE-SU-2025:20246-1","SUSE-SU-2025:20247-1","USN-7276-1","USN-7277-1","openSUSE-SU-2024:14500-1","openSUSE-SU-2025:14705-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/50xxx/CVE-2024-50150.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/1ded6b12499e6dee9b0e1ceac633be36538f6fc2"},{"type":"WEB","url":"https://git.kernel.org/stable/c/2b0b33e8a58388fa9078f0fbe9af1900e6b08879"},{"type":"WEB","url":"https://git.kernel.org/stable/c/2c15c4133d00f5da632fce60ed013fc31aa9aa58"},{"type":"WEB","url":"https://git.kernel.org/stable/c/68a7c7fe322546be1464174c8d85874b8161deda"},{"type":"WEB","url":"https://git.kernel.org/stable/c/6af43ec3bf40f8b428d9134ffa7a291aecd60da8"},{"type":"WEB","url":"https://git.kernel.org/stable/c/87474406056891e4fdea0794e1f632b21b3dfa27"},{"type":"WEB","url":"https://git.kernel.org/stable/c/bee1b68cb8bcee4fd3a8bde3a4886e0b1375dc4d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/befab3a278c59db0cc88c8799638064f6d3fd6f8"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/50xxx/CVE-2024-50150.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50150"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"8a37d87d72f0c69f837229c04d2fcd7117ea57e7"},{"fixed":"2b0b33e8a58388fa9078f0fbe9af1900e6b08879"},{"fixed":"2c15c4133d00f5da632fce60ed013fc31aa9aa58"},{"fixed":"6af43ec3bf40f8b428d9134ffa7a291aecd60da8"},{"fixed":"87474406056891e4fdea0794e1f632b21b3dfa27"},{"fixed":"bee1b68cb8bcee4fd3a8bde3a4886e0b1375dc4d"},{"fixed":"1ded6b12499e6dee9b0e1ceac633be36538f6fc2"},{"fixed":"68a7c7fe322546be1464174c8d85874b8161deda"},{"fixed":"befab3a278c59db0cc88c8799638064f6d3fd6f8"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-50150.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}