CVE-2024-57984
- Source
- https://cve.org/CVERecord?id=CVE-2024-57984
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-57984.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-57984
- Downstream
- Related
- Published
- 2025-02-27T02:07:09.373Z
- Modified
- 2026-03-09T23:49:12.628212Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- i3c: dw: Fix use-after-free in dw_i3c_master driver due to race condition
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
i3c: dw: Fix use-after-free in dwi3cmaster driver due to race condition
In dwi3ccommonprobe, &master->hjwork is bound with dwi3chjwork. And dwi3cmasterirqhandler can call dwi3cmasterirqhandleibis function to start the work.
If we remove the module which will call dwi3ccommonremove to make cleanup, it will free master->base through i3cmaster_unregister while the work mentioned above will be used. The sequence of operations that may lead to a UAF bug is as follows:
CPU0 CPU1
| dw_i3c_hj_workdwi3ccommonremove | i3cmasterunregister(&master->base) | deviceunregister(&master->dev) | devicerelease | //free master->base | | i3cmasterdodaa(&master->base) | //use master->base
Fix it by ensuring that the work is canceled before proceeding with the cleanup in dwi3ccommon_remove.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/57xxx/CVE-2024-57984.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/60d2fb033a999bb644f8e8606ff4a1b82de36c6f
- https://git.kernel.org/stable/c/9b0063098fcde17cd2894f2c96459b23388507ca
- https://git.kernel.org/stable/c/b75439c945b94dd8a2b645355bdb56f948052601
- https://git.kernel.org/stable/c/fc84dd3c909a372c0d130f5f84c404717c17eed8
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/57xxx/CVE-2024-57984.json
- https://nvd.nist.gov/vuln/detail/CVE-2024-57984
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced1dd728f5d4d4b8b53196c1e0fcf86bbaaee39cefFixed60d2fb033a999bb644f8e8606ff4a1b82de36c6fFixed9b0063098fcde17cd2894f2c96459b23388507caFixedfc84dd3c909a372c0d130f5f84c404717c17eed8Fixedb75439c945b94dd8a2b645355bdb56f948052601