CVE-2024-57984

HIGH EPSS 11.5%
Published Feb 27, 20251y ago · Modified Jun 17, 20261w ago
7.8 CVSS 3.1
High
Find Similar
Published Feb 27, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: i3c: dw: Fix use-after-free in dw_i3c_master driver due to race condition In dw_i3c_common_probe, &master->hj_work is bound with dw_i3c_hj_work. And dw_i3c_master_irq_handler can call dw_i3c_master_irq_handle_ibis function to start the work. If we remove the module which will call dw_i3c_common_remove to make cleanup, it will free master->base through i3c_master_unregister while the work mentioned above will be used. The sequence of operations that may lead to a UAF bug is as follows: CPU0 CPU1 | dw_i3c_hj_work dw_i3c_common_remove | i3c_master_unregister(&master->base) | device_unregister(&master->dev) | device_release | //free master->base | | i3c_master_do_daa(&master->base) | //use master->base Fix it by ensuring that the work is canceled before proceeding with the cleanup in dw_i3c_common_remove.

CVSS Details

Base Score
7.8
Exploitability
1.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
11.5% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-416 Use After Free Memory Safety

Affected Products 3

VendorProductVersionRange
linuxlinux_kernel*≥5.0  –  <6.6.76
linuxlinux_kernel*≥6.7  –  <6.12.13
linuxlinux_kernel*≥6.13  –  <6.13.2

References 4

  • git.kernel.org https://git.kernel.org/stable/c/60d2fb033a999bb644f8e8606ff4a1b82de36c6f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9b0063098fcde17cd2894f2c96459b23388507ca
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b75439c945b94dd8a2b645355bdb56f948052601
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/fc84dd3c909a372c0d130f5f84c404717c17eed8
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/60d2fb033a999bb644f8e8606ff4a1b82de36c6f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9b0063098fcde17cd2894f2c96459b23388507ca
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b75439c945b94dd8a2b645355bdb56f948052601
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/fc84dd3c909a372c0d130f5f84c404717c17eed8
    Patch