
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2024-50300 addresses an uninitialized use vulnerability in the Linux kernel's rtq2208 driver. The issue was discovered in the regulator configuration of the Richtek RTQ2208 SubPMIC driver, which could cause kernel errors. The vulnerability affects Linux kernel versions from 6.6 up to (excluding) 6.6.61, from 6.7 up to (excluding) 6.11.8, and various release candidates of version 6.12 (NVD).
The vulnerability stems from an uninitialized use of regulator_config in the rtq2208 driver. It has been assigned a CVSS v3.1 base score of 5.5 (Medium) with vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. The issue was introduced with commit 85a11f55621a which added the Richtek RTQ2208 SubPMIC driver, and has been fixed by initializing the regulator_config structure properly (Kernel Patch).
The vulnerability can cause kernel errors when using the rtq2208 driver, potentially affecting system stability. The CVSS score indicates that while the vulnerability requires local access and low privileges, it can have a high impact on system availability (NVD).
The vulnerability has been fixed in the Linux kernel through a patch that properly initializes the regulator_config structure. The fix has been backported to affected stable kernel versions. Users should update to patched kernel versions: 6.6.61 or later, 6.11.8 or later, or the latest 6.12 release (Kernel Patch).
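The bug class and its fix can be seen in a small user-space C sketch. This is an added illustration, not the rtq2208 driver's code or the kernel patch. `mock_regulator_config`, its reduced field set and the helper functions are hypothetical, and the 0xA5 fill is a constructed stand-in for leftover stack contents.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical cut-down stand-in for the kernel's struct regulator_config. */
struct mock_regulator_config {
    void *dev;
    void *regmap;
    const void *init_data; /* optional: NULL means "not provided" */
    void *driver_data;     /* optional: NULL means "not provided" */
};

/* Stand-in consumer: counts optional fields it would treat as provided. */
static int optional_fields_seen(const struct mock_regulator_config *cfg)
{
    return (cfg->init_data != NULL) + (cfg->driver_data != NULL);
}

/* Reading a truly uninitialised local is undefined behaviour, so leftover
 * stack contents are modelled with a fixed 0xA5 fill (constructed value). */
static void model_stack_garbage(struct mock_regulator_config *cfg)
{
    memset(cfg, 0xA5, sizeof(*cfg));
}

/* Before: only the fields the caller needs are assigned. */
int probe_without_init(void *dev, void *regmap)
{
    struct mock_regulator_config cfg;

    model_stack_garbage(&cfg);
    cfg.dev = dev;
    cfg.regmap = regmap;
    return optional_fields_seen(&cfg); /* garbage read as valid pointers */
}

/* After: the whole structure is zeroed before any field is assigned. */
int probe_with_init(void *dev, void *regmap)
{
    struct mock_regulator_config cfg = { 0 };

    cfg.dev = dev;
    cfg.regmap = regmap;
    return optional_fields_seen(&cfg); /* optional fields are NULL */
}

int main(void)
{
    int dev, regmap;
    return !(probe_without_init(&dev, &regmap) == 2 &&
             probe_with_init(&dev, &regmap) == 0);
}
```

In the unpatched shape, code receiving the structure cannot tell garbage from a pointer the caller meant to supply, which is why zeroing the whole structure is the fix rather than assigning more fields one by one.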
Source: This report was generated using AI