CVE-2024-50061

HIGH EPSS 11.8%
Published Oct 21, 20241y ago · Modified Jun 17, 20262w ago
7.0 CVSS 3.1
High
Find Similar
Published Oct 21, 2024 1y ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition In the cdns_i3c_master_probe function, &master->hj_work is bound with cdns_i3c_master_hj. And cdns_i3c_master_interrupt can call cnds_i3c_master_demux_ibis function to start the work. If we remove the module which will call cdns_i3c_master_remove to make cleanup, it will free master->base through i3c_master_unregister while the work mentioned above will be used. The sequence of operations that may lead to a UAF bug is as follows: CPU0 CPU1 | cdns_i3c_master_hj cdns_i3c_master_remove | i3c_master_unregister(&master->base) | device_unregister(&master->dev) | device_release | //free master->base | | i3c_master_do_daa(&master->base) | //use master->base Fix it by ensuring that the work is canceled before proceeding with the cleanup in cdns_i3c_master_remove.

CVSS Details

Base Score
7.0
Exploitability
1.0
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity High
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
11.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-416 Use After Free Memory Safety

Affected Products 2

VendorProductVersionRange
linuxlinux_kernel* <6.6.57
linuxlinux_kernel*≥6.7  –  <6.11.4

References 5

  • git.kernel.org https://git.kernel.org/stable/c/2a21bad9964c91b34d65ba269914233720c0b1ce
  • git.kernel.org https://git.kernel.org/stable/c/609366e7a06d035990df78f1562291c3bf0d4a12
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/687016d6a1efbfacdd2af913e2108de6b75a28d5
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ea0256e393e0072e8c80fd941547807f0c28108b
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/609366e7a06d035990df78f1562291c3bf0d4a12
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/687016d6a1efbfacdd2af913e2108de6b75a28d5
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ea0256e393e0072e8c80fd941547807f0c28108b
    Patch