AZL-58977

See a problem?
Import Source
https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-58977.json
JSON Data
https://api.test.osv.dev/v1/vulns/AZL-58977
Upstream
Published
2025-02-27T02:15:11Z
Modified
2026-04-01T05:19:23.839675Z
Summary
CVE-2024-57984 affecting package kernel 5.15.200.1-1
Details

In the Linux kernel, the following vulnerability has been resolved:

i3c: dw: Fix use-after-free in dwi3cmaster driver due to race condition

In dwi3ccommonprobe, &master->hjwork is bound with dwi3chjwork. And dwi3cmasterirqhandler can call dwi3cmasterirqhandleibis function to start the work.

If we remove the module which will call dwi3ccommonremove to make cleanup, it will free master->base through i3cmaster_unregister while the work mentioned above will be used. The sequence of operations that may lead to a UAF bug is as follows:

CPU0 CPU1

                                 | dw_i3c_hj_work

dwi3ccommonremove | i3cmasterunregister(&master->base) | deviceunregister(&master->dev) | devicerelease | //free master->base | | i3cmasterdodaa(&master->base) | //use master->base

Fix it by ensuring that the work is canceled before proceeding with the cleanup in dwi3ccommon_remove.

References

Affected packages

Azure Linux:2 / kernel

Package

Name
kernel
Purl
pkg:rpm/azure-linux/kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
5.15.200.1-1

Database specific

source 
"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-58977.json"