CVE-2024-50267: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-50267 is a use-after-free vulnerability discovered in the Linux kernel's USB serial io_edgeport driver. The vulnerability was identified in the debug printk functionality where a pointer is accessed after being freed. The issue affects Linux kernel versions from 3.7 through 6.11.8, and was disclosed on November 18, 2024 (NVD).

The vulnerability occurs in the edgebulkoutcmdcallback function of the ioedgeport driver where 'devdbg(&urb->dev->dev, ...)' is called after usbfreeurb(urb), resulting in a use-after-free condition of the 'urb' pointer. The issue has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating local access requirements with potential for high impact on confidentiality, integrity, and availability (NVD).

The vulnerability could potentially lead to system crashes, information leaks, or privilege escalation due to the use-after-free condition in the kernel's USB serial driver. The high CVSS score indicates significant potential impact on system security if exploited (NVD).

The vulnerability has been patched in the Linux kernel. The fix involves storing the device pointer at the start of the function to avoid the use-after-free condition. Multiple stable kernel versions have received the patch, including versions 5.10.234-1, 6.1.128-1, and 6.12.17-1 (Debian).