VYPR
Unrated severityNVD Advisory· Published Jan 11, 2025· Updated Nov 3, 2025

spi: mpc52xx: Add cancel_work_sync before module remove

CVE-2024-50051

Description

In the Linux kernel, the following vulnerability has been resolved:

spi: mpc52xx: Add cancel_work_sync before module remove

If we remove the module which will call mpc52xx_spi_remove it will free 'ms' through spi_unregister_controller. while the work ms->work will be used. The sequence of operations that may lead to a UAF bug.

Fix it by ensuring that the work is canceled before proceeding with the cleanup in mpc52xx_spi_remove.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

100

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.