CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-50166: fsl/fman: Fix refcount handling of fman-related devices

Description

In the Linux kernel, the following vulnerability has been resolved:

fsl/fman: Fix refcount handling of fman-related devices

In mac_probe() there are multiple calls to of_find_device_by_node(),
fman_bind() and fman_port_bind() which takes references to of_dev->dev.
Not all references taken by these calls are released later on error path
in mac_probe() and in mac_remove() which lead to reference leaks.

Add references release.

Classification

CVE ID: CVE-2024-50166

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.03% (probability of being exploited)

EPSS Percentile: 6.46% (scored less or equal to compared to others)

EPSS Date: 2025-06-02 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2024-50166
https://git.kernel.org/stable/c/5ed4334fc9512f934fe2ae9c4cf7f8142e451b8b
https://git.kernel.org/stable/c/3c2a3619d565fe16bf59b0a047bab103a2ee4490
https://git.kernel.org/stable/c/1dec67e0d9fbb087c2ab17bf1bd17208231c3bb1

Timeline

2025-03-06 09:45:29 UTC
Tenable Plugins

Linux Distros Unpatched Vulnerability : CVE-2024-50166
2025-05-04 10:40:22 UTC
CVE

fsl/fman: Fix refcount handling of fman-related devices