
CVE-2024-49853: Vulnerability in Linux Linux

High
Published: Mon Oct 21 2024 (10/21/2024, 12:18:46 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

firmware: arm_scmi: Fix double free in OPTEE transport

Channels can be shared between protocols, avoid freeing the same channel descriptors twice when unloading the stack.

AI-Powered Analysis

Last updated: 06/28/2025, 20:41:29 UTC

Technical Analysis

CVE-2024-49853 is a vulnerability in the Linux kernel's firmware component, specifically in the ARM System Control and Management Interface (arm_scmi) transport mechanism used by OP-TEE (Open Portable Trusted Execution Environment). The flaw is a double free that occurs while the protocol stack is being unloaded. Channels can be shared between multiple protocols, but the kernel code previously did not properly track this sharing, so the same channel descriptors could be freed multiple times. This double free can cause memory corruption, which may lead to kernel crashes (denial of service) or potentially be leveraged for privilege escalation or arbitrary code execution within the kernel context if exploited carefully. The vulnerability affects certain Linux kernel versions identified by specific commit hashes, indicating it is present in recent or development versions prior to the fix. No public exploits are currently known in the wild, and no CVSS score has been assigned yet. The fix ensures that shared channels are not freed more than once by correctly managing the lifecycle of channel descriptors when unloading the stack.
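
The double-free pattern described above, reduced to a user-space C model. This is an added example, not the kernel's code or the upstream patch; the names `chan`, `chan_info`, `release` and `unload_stack` are hypothetical, and `release` counts calls instead of freeing so the flawed path can be observed without corrupting memory.

```c
#include <stddef.h>
#include <stdio.h>
#define NPROTO 3

/* Constructed model of a transport channel descriptor. */
struct chan { int release_calls; };

/* Channel info; several protocol ids may point at the same one. */
struct chan_info { struct chan *transport_info; };

/* Stand-in for kfree(): counts calls instead of freeing, so the flawed
 * path can be observed without corrupting the heap. */
static void release(struct chan *c) { c->release_calls++; }

/* Flawed callback: assumes every protocol id owns its descriptor. */
static void chan_free_flawed(struct chan_info *ci)
{
    release(ci->transport_info);
}

/* Hardened callback: the first caller clears the pointer and releases;
 * later callers sharing the same chan_info see NULL and return. */
static void chan_free_fixed(struct chan_info *ci)
{
    struct chan *c = ci->transport_info;
    if (!c)
        return;
    ci->transport_info = NULL;
    release(c);
}

/* Unload the stack: one callback per protocol id. Protocols 0 and 1 share
 * a channel. Returns the most release calls any one descriptor received. */
static int unload_stack(void (*chan_free)(struct chan_info *))
{
    struct chan shared = {0}, own = {0};
    struct chan_info ci_shared = { &shared }, ci_own = { &own };
    struct chan_info *by_proto[NPROTO] = { &ci_shared, &ci_shared, &ci_own };
    for (int i = 0; i < NPROTO; i++)
        chan_free(by_proto[i]);
    return shared.release_calls > own.release_calls ? shared.release_calls : own.release_calls;
}

int main(void)
{
    printf("flawed=%d fixed=%d\n", unload_stack(chan_free_flawed), unload_stack(chan_free_fixed));
    return 0;
}
```

A result above 1 means a descriptor was released more than once during unload, which in the kernel would be the double free.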

Potential Impact

For European organizations, the impact of this vulnerability depends largely on their use of Linux systems running affected kernel versions, particularly those utilizing ARM architectures with OP-TEE environments. This is common in embedded systems, IoT devices, and specialized hardware platforms used in industrial control, telecommunications, and secure computing environments. Exploitation could lead to system instability or denial of service, impacting availability of critical services. More severe exploitation could allow attackers to gain elevated privileges on affected devices, potentially compromising confidentiality and integrity of sensitive data and operations. Given the kernel-level nature of the flaw, successful exploitation could undermine the security of the entire system, affecting servers, network appliances, or endpoint devices. Organizations relying on Linux-based infrastructure in sectors such as finance, healthcare, manufacturing, and government could face operational disruptions or data breaches if unpatched systems are targeted.

Mitigation Recommendations

European organizations should prioritize patching affected Linux kernel versions as soon as updates containing the fix are available. Since the vulnerability relates to a specific firmware transport mechanism (arm_scmi) used in OP-TEE, organizations should audit their environments to identify devices and systems running affected kernel versions with ARM architectures and OP-TEE enabled. Where patching is not immediately feasible, mitigating controls include isolating vulnerable devices from untrusted networks, restricting access to management interfaces, and monitoring for unusual kernel crashes or system instability that could indicate exploitation attempts. Additionally, organizations should implement kernel hardening techniques such as enabling kernel address space layout randomization (KASLR), kernel page-table isolation (KPTI), and other memory protection features to reduce exploitation likelihood. Regular vulnerability scanning and inventory management will help ensure no affected systems remain unpatched.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-10-21T12:17:06.016Z
Cisa Enriched: true
Cvss Version: null
State: PUBLISHED

Threat ID: 682d9825c4522896dcbe078a

Added to database: 5/21/2025, 9:08:53 AM

Last enriched: 6/28/2025, 8:41:29 PM

Last updated: 8/15/2025, 10:46:04 AM
