CVE-2024-50058: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-50058 is a vulnerability in the Linux kernel's serial driver subsystem, discovered in 2024. The issue involves an unprotected uartportdtrrts() call in the uartshutdown() function, which could potentially lead to a NULL pointer dereference. The vulnerability affects Linux kernel versions up to 6.6.57 and versions from 6.7 up to 6.11.4 (NVD).

The vulnerability stems from an inconsistency in NULL pointer checks within the uartshutdown() function. While commit af224ca2df29 added NULL checks for uport, it left an unprotected uartportdtrrts(uport, false) call that could be triggered when HUPCL is set. The issue was identified through Coverity static analysis under CID 1585130. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability could lead to a NULL pointer dereference in the Linux kernel's serial driver subsystem, potentially resulting in a system crash or denial of service condition. The impact is limited by the fact that the vulnerable code path is only executed when HUPCL (Hang Up on Last Close) is set (Kernel Commit).

The vulnerability has been fixed in the Linux kernel through a patch that moves the uartportdtr_rts() call inside the existing NULL pointer check block. The fix has been backported to multiple kernel versions. Users should update their Linux kernel to a patched version (Kernel Commit).