CVE-2024-50073: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

tty: n_gsm: Fix use-after-free in gsm_cleanup_mux

BUG: KASAN: slab-use-after-free in gsm_cleanup_mux+0x77b/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm]
Read of size 8 at addr ffff88815fe99c00 by task poc/3379
CPU: 0 UID: 0 PID: 3379 Comm: poc Not tainted 6.11.0+ #56
Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020
Call Trace:
<TASK>
gsm_cleanup_mux+0x77b/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm]
__pfx_gsm_cleanup_mux+0x10/0x10 drivers/tty/n_gsm.c:3124 [n_gsm]
__pfx_sched_clock_cpu+0x10/0x10 kernel/sched/clock.c:389
update_load_avg+0x1c1/0x27b0 kernel/sched/fair.c:4500
__pfx_min_vruntime_cb_rotate+0x10/0x10 kernel/sched/fair.c:846
__rb_insert_augmented+0x492/0xbf0 lib/rbtree.c:161
gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm]
_raw_spin_lock_irqsave+0x92/0xf0 arch/x86/include/asm/atomic.h:107
__pfx_gsmld_ioctl+0x10/0x10 drivers/tty/n_gsm.c:3822 [n_gsm]
ktime_get+0x5e/0x140 kernel/time/timekeeping.c:195
ldsem_down_read+0x94/0x4e0 arch/x86/include/asm/atomic64_64.h:79
__pfx_ldsem_down_read+0x10/0x10 drivers/tty/tty_ldsem.c:338
__pfx_do_vfs_ioctl+0x10/0x10 fs/ioctl.c:805
tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818

Allocated by task 65:
gsm_data_alloc.constprop.0+0x27/0x190 drivers/tty/n_gsm.c:926 [n_gsm]
gsm_send+0x2c/0x580 drivers/tty/n_gsm.c:819 [n_gsm]
gsm1_receive+0x547/0xad0 drivers/tty/n_gsm.c:3038 [n_gsm]
gsmld_receive_buf+0x176/0x280 drivers/tty/n_gsm.c:3609 [n_gsm]
tty_ldisc_receive_buf+0x101/0x1e0 drivers/tty/tty_buffer.c:391
tty_port_default_receive_buf+0x61/0xa0 drivers/tty/tty_port.c:39
flush_to_ldisc+0x1b0/0x750 drivers/tty/tty_buffer.c:445
process_scheduled_works+0x2b0/0x10d0 kernel/workqueue.c:3229
worker_thread+0x3dc/0x950 kernel/workqueue.c:3391
kthread+0x2a3/0x370 kernel/kthread.c:389
ret_from_fork+0x2d/0x70 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:257

Freed by task 3367:
kfree+0x126/0x420 mm/slub.c:4580
gsm_cleanup_mux+0x36c/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm]
gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm]
tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818

[Analysis]
gsm_msg on the tx_ctrl_list or tx_data_list of gsm_mux can be freed by multiple threads through ioctl, which leads to the occurrence of UAF. Protect it by gsm tx lock.
AI Analysis
Technical Summary
CVE-2024-50073 is a high-severity use-after-free vulnerability in the Linux kernel's GSM (Global System for Mobile Communications) multiplexing driver, specifically within the n_gsm module. The vulnerability arises from improper handling of memory in the gsm_cleanup_mux function, where gsm_msg objects on the tx_ctrl_list or tx_data_list can be freed concurrently by multiple threads via ioctl calls without adequate synchronization. This leads to a use-after-free condition, as demonstrated by the Kernel Address Sanitizer (KASAN) detecting slab-use-after-free errors during the cleanup process. The root cause is a race condition where multiple threads can free the same memory object, causing subsequent accesses to invalid memory. The vulnerability affects Linux kernel versions around 6.11.0+ and involves kernel-space code that handles tty (teletypewriter) devices related to GSM multiplexing. Exploitation requires local privileges (low privilege level) but no user interaction, and the attack vector is local (AV:L). The impact includes full compromise of confidentiality, integrity, and availability of the affected system due to kernel memory corruption. The vulnerability has been addressed by introducing proper locking (gsm tx lock) to serialize access and prevent concurrent frees. No known exploits are reported in the wild as of the publication date (October 29, 2024). The CVSS v3.1 score is 7.8, reflecting the high impact and relatively low complexity of exploitation.
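The race described above, modelled in user space as an added example (not the kernel's code): the fix protects the list teardown with the gsm tx lock, and the model below does the same by unlinking both lists under the lock so that a second, concurrent or repeated, cleanup finds nothing left to free. gsm_mux, gsm_msg, tx_lock, tx_ctrl_list and tx_data_list borrow the driver's names, but the layouts, the pthread mutex and the helper functions are simplifications chosen for this example.

```c
#include <pthread.h>
#include <stdlib.h>

/* Hypothetical, simplified layouts: the driver uses struct list_head and a
 * spinlock; a pthread mutex stands in for gsm->tx_lock here. */
struct gsm_msg { struct gsm_msg *next; unsigned char addr; };
struct gsm_mux {
    pthread_mutex_t tx_lock;
    struct gsm_msg *tx_ctrl_list;  /* pending control frames */
    struct gsm_msg *tx_data_list;  /* pending data frames */
};

static void gsm_mux_init(struct gsm_mux *gsm)
{
    pthread_mutex_init(&gsm->tx_lock, NULL);
    gsm->tx_ctrl_list = gsm->tx_data_list = NULL;
}

/* Queue a message as gsm_send() would: every list edit is done under tx_lock. */
static void gsm_queue(struct gsm_mux *gsm, struct gsm_msg **list, unsigned char addr)
{
    struct gsm_msg *m = malloc(sizeof *m);
    if (!m)
        return;
    m->addr = addr;
    pthread_mutex_lock(&gsm->tx_lock);
    m->next = *list;
    *list = m;
    pthread_mutex_unlock(&gsm->tx_lock);
}

/* Fixed teardown. The vulnerable version walked both lists and freed each
 * entry without tx_lock, so two ioctl callers could run it at once and the
 * later walk read entries the earlier one had freed. Unlinking both lists
 * under tx_lock gives the lock holder sole ownership of every entry; a
 * concurrent or repeated cleanup finds them empty. Returns frees done. */
static int gsm_cleanup_mux(struct gsm_mux *gsm)
{
    struct gsm_msg *lists[2], *m, *next;
    int i, freed = 0;
    pthread_mutex_lock(&gsm->tx_lock);
    lists[0] = gsm->tx_ctrl_list; gsm->tx_ctrl_list = NULL;
    lists[1] = gsm->tx_data_list; gsm->tx_data_list = NULL;
    pthread_mutex_unlock(&gsm->tx_lock);
    for (i = 0; i < 2; i++)
        for (m = lists[i]; m; m = next) {
            next = m->next;
            free(m);
            freed++;
        }
    return freed;
}
```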
Potential Impact
For European organizations, this vulnerability poses a significant risk, especially for those running Linux-based infrastructure, including servers, embedded systems, and network devices that utilize the n_gsm driver or related GSM multiplexing functionality. The kernel-level nature of the flaw means successful exploitation could allow attackers to execute arbitrary code with kernel privileges, leading to full system compromise, data breaches, or denial of service. Critical infrastructure operators, telecom providers, and enterprises relying on Linux for telecommunication or IoT gateways could be particularly impacted. Given the local attack vector, threat actors would need some form of local access or the ability to execute code on the target system, which could be achieved through other vulnerabilities or insider threats. The vulnerability could also be leveraged in chained attacks to escalate privileges. The absence of known exploits in the wild currently reduces immediate risk, but the high severity score and kernel-level impact necessitate prompt patching to prevent future exploitation. Additionally, the complexity of the bug and its presence in the kernel's tty subsystem mean that unpatched systems could suffer from stability issues or crashes if exploited.
Mitigation Recommendations
European organizations should prioritize updating their Linux kernel to the patched versions that fix CVE-2024-50073. Since the vulnerability is in the n_gsm driver, organizations should audit their systems to identify if this driver is in use, especially in telecom, embedded, or IoT devices. For systems where immediate patching is not feasible, consider disabling the n_gsm module if it is not required, to reduce the attack surface. Implement strict access controls and monitoring to limit local user privileges and detect suspicious ioctl calls or kernel module interactions. Employ kernel hardening techniques such as Kernel Address Sanitizer (KASAN) in testing environments to detect similar issues proactively. Additionally, ensure that endpoint security solutions are configured to detect anomalous local activity that could indicate exploitation attempts. For critical infrastructure, consider network segmentation to isolate vulnerable systems and reduce the risk of lateral movement. Finally, maintain an up-to-date inventory of Linux kernel versions and apply security patches promptly as part of a robust vulnerability management program.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-10-21T19:36:19.940Z
- Cisa Enriched: true
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 682d9824c4522896dcbdfe88
Added to database: 5/21/2025, 9:08:52 AM
Last enriched: 7/2/2025, 11:54:42 PM
Last updated: 8/14/2025, 7:11:23 AM