Use-after-free Vulnerability in Linux Kernel Affecting NTPD and GPSD on Raspberry Pi
CVE-2024-57979
What is CVE-2024-57979?
A critical use-after-free vulnerability exists in the Linux kernel's handling of the PPS (Pulse Per Second) device, specifically in the context of the NTPD and GPSD services. The vulnerability can lead to kernel panics and undefined behavior during system reboots on affected hardware such as the Raspberry Pi 4 Model B. It is caused by improper management of the device lifecycle and reference counting, which allows access to freed memory. The issue was highlighted by a sequence of warnings and call traces pointing to invalid operations after device removal, demonstrating the need for careful resource management in kernel development.

Affected Version(s)
Linux d953e0e837e65ecc1ddaa4f9560f7925878a0de6 < 785c78ed0d39d1717cca3ef931d3e51337b5e90e
Linux d953e0e837e65ecc1ddaa4f9560f7925878a0de6 < 1a7735ab2cb9747518a7416fb5929e85442dec62
Linux d953e0e837e65ecc1ddaa4f9560f7925878a0de6