Use-after-free Vulnerability in Linux Kernel Affecting NTPD and GPSD on Raspberry Pi
CVE-2024-57979

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 27 February 2025

Summary

A critical use-after-free vulnerability exists in the Linux kernel when handling the PPS (Pulse Per Second) device, specifically within the context of NTPD and GPSD services. The vulnerability can lead to kernel panics and undefined behavior on affected hardware such as the Raspberry Pi 4 Model B during system reboots. This occurs due to improper management of device lifecycle and reference counting, allowing access to freed memory. The issue was highlighted by a sequence of warnings and call trace outputs pointing to invalid operations post device removal, demonstrating the need for careful resource management in kernel development.

Affected Version(s)

Linux d953e0e837e65ecc1ddaa4f9560f7925878a0de6 < 91932db1d96b2952299ce30c1c693d834d10ace6

Linux d953e0e837e65ecc1ddaa4f9560f7925878a0de6

Linux d953e0e837e65ecc1ddaa4f9560f7925878a0de6 < 7e5ee3281dc09014367f5112b6d566ba36ea2d49

References

https://git.kernel.org/stable/c/91932db1d96b2952299ce30c1...

https://git.kernel.org/stable/c/cd3bbcb6b3a7caa5ce67de767...

https://git.kernel.org/stable/c/7e5ee3281dc09014367f5112b...

Timeline

Vulnerability published
Feb 27, 2025
Vulnerability Reserved
Feb 27, 2025