{"id":"AZL-53727","summary":"CVE-2024-50269 affecting package kernel for versions less than 5.15.173.1-1","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nusb: musb: sunxi: Fix accessing an released usb phy\n\nCommit 6ed05c68cbca (\"usb: musb: sunxi: Explicitly release USB PHY on\nexit\") will cause that usb phy @glue-\u003exceiv is accessed after released.\n\n1) register platform driver @sunxi_musb_driver\n// get the usb phy @glue-\u003exceiv\nsunxi_musb_probe() -\u003e devm_usb_get_phy().\n\n2) register and unregister platform driver @musb_driver\nmusb_probe() -\u003e sunxi_musb_init()\nuse the phy here\n//the phy is released here\nmusb_remove() -\u003e sunxi_musb_exit() -\u003e devm_usb_put_phy()\n\n3) register @musb_driver again\nmusb_probe() -\u003e sunxi_musb_init()\nuse the phy here but the phy has been released at 2).\n...\n\nFixed by reverting the commit, namely, removing devm_usb_put_phy()\nfrom sunxi_musb_exit().","modified":"2026-04-01T05:18:07.016602Z","published":"2024-11-19T02:16:28Z","upstream":["CVE-2024-50269"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50269"}],"affected":[{"package":{"name":"kernel","ecosystem":"Azure Linux:2","purl":"pkg:rpm/azure-linux/kernel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.15.173.1-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-53727.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}