
CVE-2024-50159: Vulnerability in Linux

Medium
Published: Thu Nov 07 2024 (11/07/2024, 09:31:36 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

firmware: arm_scmi: Fix the double free in scmi_debugfs_common_setup()

Clang static checker(scan-build) throws below warning:

| drivers/firmware/arm_scmi/driver.c:line 2915, column 2
| Attempt to free released memory.

When devm_add_action_or_reset() fails, scmi_debugfs_common_cleanup() will run twice which causes double free of 'dbg->name'.

Remove the redundant scmi_debugfs_common_cleanup() to fix this problem.

AI-Powered Analysis

Last updated: 06/28/2025, 17:56:28 UTC

Technical Analysis

CVE-2024-50159 is a vulnerability in the Linux kernel's firmware subsystem, in the ARM System Control and Management Interface (SCMI) driver. The issue is in the function scmi_debugfs_common_setup(), where an error path frees the same memory twice. devm_add_action_or_reset() already runs the supplied action itself when registration fails, so when it failed and the caller's error path called scmi_debugfs_common_cleanup() again, the cleanup function ran twice and the memory allocated for 'dbg->name' was freed twice. A double free is a classic memory-management flaw that leads to undefined behavior, including potential kernel crashes or exploitation opportunities such as use-after-free or heap corruption.

The root cause is a redundant call to the cleanup function, which the patch removes. The vulnerability was detected through static analysis with Clang's scan-build tool, which flagged the attempt to free already released memory. The affected code is part of the Linux kernel's ARM firmware driver, which manages firmware communication on ARM-based platforms.

No known exploits are currently reported in the wild, and no CVSS score has been assigned yet. The vulnerability was published on November 7, 2024, and affects specific Linux kernel commits identified by their hashes.
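The error path described above can be reproduced in a small user-space model. This is an added example, not the kernel's code: every `model_*` name is hypothetical, `model_add_action_or_reset()` only mirrors the "run the action on failure" contract of devm_add_action_or_reset(), and the cleanup counts release attempts instead of actually freeing twice so the program stays well defined.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* User-space model; every model_* name is hypothetical, not kernel code. */
struct model_dbg {
    char *name;
    int name_frees; /* times cleanup tried to release name */
};

/* Stand-in for scmi_debugfs_common_cleanup(): releases dbg->name. */
static void model_cleanup(void *data)
{
    struct model_dbg *dbg = data;
    /* Count every attempt, but free once so the demo itself stays defined. */
    if (dbg->name_frees++ == 0)
        free(dbg->name);
}

/* Same contract as devm_add_action_or_reset(): on failure, run the action. */
static int model_add_action_or_reset(int fail, void (*action)(void *), void *data)
{
    if (fail) {
        action(data);
        return -ENOMEM;
    }
    return 0; /* action stays registered and runs at device teardown */
}

/* Returns how many times name was released over the object's lifetime. */
static int model_setup(int registration_fails, int redundant_cleanup)
{
    struct model_dbg dbg = { .name = malloc(8), .name_frees = 0 };
    if (!dbg.name)
        return -1;
    if (model_add_action_or_reset(registration_fails, model_cleanup, &dbg)) {
        if (redundant_cleanup)
            model_cleanup(&dbg); /* pre-fix error path: second release */
        return dbg.name_frees;
    }
    model_cleanup(&dbg); /* simulated teardown runs the registered action */
    return dbg.name_frees;
}

int main(void)
{
    printf("pre-fix: %d release(s), fixed: %d release(s)\n",
           model_setup(1, 1), model_setup(1, 0));
    return 0;
}
```

A release count of 2 on the failure path is the condition scan-build reported; with the redundant call removed, the object is released exactly once whether registration fails or succeeds.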

Potential Impact

For European organizations, the impact of CVE-2024-50159 depends largely on their use of ARM-based Linux systems, particularly those running custom or embedded Linux kernels with the affected firmware drivers. The vulnerability could lead to kernel instability or crashes, potentially causing denial of service (DoS) conditions on critical systems. More severe exploitation could allow attackers with local access to execute arbitrary code in kernel mode, compromising system confidentiality, integrity, and availability. This is especially relevant for industries relying on ARM-based infrastructure such as telecommunications, IoT deployments, automotive systems, and edge computing devices prevalent in Europe. Given the kernel-level nature of the flaw, successful exploitation could undermine the security of entire systems, leading to data breaches or disruption of services. However, the lack of known exploits and the requirement for local code execution or privileged access reduce the immediate risk. Nonetheless, organizations should prioritize patching to prevent potential future exploitation, especially in sectors with high security requirements such as finance, healthcare, and critical infrastructure.

Mitigation Recommendations

European organizations should apply the Linux kernel patch that removes the redundant scmi_debugfs_common_cleanup() call as soon as it becomes available from their Linux distribution vendors or kernel maintainers. Since this vulnerability affects the ARM SCMI firmware driver, organizations using ARM-based Linux systems should audit their kernel versions and update to a fixed version. For embedded or custom Linux deployments, recompiling the kernel with the patch is essential. Additionally, organizations should implement strict access controls to limit local user privileges, reducing the risk of exploitation by unprivileged users. Employing kernel hardening techniques such as Kernel Address Space Layout Randomization (KASLR) and enabling security modules like SELinux or AppArmor can further mitigate exploitation risks. Monitoring system logs for kernel crashes or unusual behavior related to firmware drivers can help detect potential exploitation attempts. Finally, maintaining an up-to-date inventory of ARM-based Linux devices and ensuring timely patch management will reduce exposure to this and similar vulnerabilities.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-10-21T19:36:19.961Z
CISA Enriched: false
CVSS Version: null
State: PUBLISHED

Threat ID: 682d9825c4522896dcbe011f

Added to database: 5/21/2025, 9:08:53 AM

Last enriched: 6/28/2025, 5:56:28 PM

Last updated: 7/26/2025, 5:22:04 PM
