CVE-2024-50166: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-50166 affects the Linux kernel's FMan MAC driver, specifically in the handling of reference counts for FMan-related devices. The vulnerability was discovered in October 2024 and affects Linux kernel versions from 4.5 up to versions before 6.6.59, and from 6.7 up to versions before 6.11.6 (NVD).

The vulnerability exists in the macprobe() function where multiple calls to offinddevicebynode(), fmanbind() and fmanportbind() take references to ofdev->dev. Not all references taken by these calls are properly released on error paths in macprobe() and in mac_remove(), leading to reference count leaks. The issue has been assigned a CVSS v3.1 base score of 5.5 (Medium) with vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The reference count leaks in the FMan MAC driver could potentially lead to resource exhaustion and system instability. The vulnerability affects the availability of the system but does not impact confidentiality or integrity (NVD).

The vulnerability has been fixed through patches that properly release references in both success and error paths. The fix includes adding reference release calls in macprobe() and macremove() functions. The patch has been merged into the Linux kernel and is available in versions 6.6.59, 6.11.6, and later (Kernel Patch).