CVE-2024-57984

EPSS 0.04%
Veröffentlicht 27.02.2025 02:15:11
Zuletzt bearbeitet 24.03.2025 17:48:09
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

i3c: dw: Fix use-after-free in dw_i3c_master driver due to race condition

In dw_i3c_common_probe, &master->hj_work is bound with
dw_i3c_hj_work. And dw_i3c_master_irq_handler can call
dw_i3c_master_irq_handle_ibis function to start the work.

If we remove the module which will call dw_i3c_common_remove to
make cleanup, it will free master->base through i3c_master_unregister
while the work mentioned above will be used. The sequence of operations
that may lead to a UAF bug is as follows:

CPU0                                      CPU1

                                     | dw_i3c_hj_work
dw_i3c_common_remove                 |
i3c_master_unregister(&master->base) |
device_unregister(&master->dev)      |
device_release                       |
//free master->base                  |
                                     | i3c_master_do_daa(&master->base)
                                     | //use master->base

Fix it by ensuring that the work is canceled before proceeding with
the cleanup in dw_i3c_common_remove.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 5.0 < 6.6.76

Linux ≫ Linux Kernel Version >= 6.7 < 6.12.13

Linux ≫ Linux Kernel Version >= 6.13 < 6.13.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.098

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/60d2fb033a999bb644f8e8606ff4a1b82de36c6f

Patch

https://git.kernel.org/stable/c/9b0063098fcde17cd2894f2c96459b23388507ca

Patch

https://git.kernel.org/stable/c/b75439c945b94dd8a2b645355bdb56f948052601

Patch

https://git.kernel.org/stable/c/fc84dd3c909a372c0d130f5f84c404717c17eed8

Patch

https://nvd.nist.gov/vuln/detail/CVE-2024-57984

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-57984

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-57984

EUVD