Use-After-Free Vulnerability in Linux Kernel i3c Driver by Vendor Linux
CVE-2024-57984

Currently unrated

Key Information:

Vendor: Linux
Status: Vendor
CVE Published: 27 February 2025

Summary

A use-after-free vulnerability was identified in the i3c driver of the Linux kernel. The flaw is a race condition between the dw_i3c_common_probe and dw_i3c_common_remove functions: if the dw_i3c_master driver module is removed while a specific work item is still executing, the device can be unregistered and its associated resources freed while that work item may still access them, leading to potential system instability or exploitation. The issue has been addressed by ensuring that any ongoing work is properly canceled before the cleanup steps run.
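The teardown ordering described in the summary, as an added userspace model (not the kernel driver's code and not taken from this advisory). All names here (model_master, cancel_work_sync_model, simulate) are hypothetical; the cancel step stands in for the kernel's cancel_work_sync(), and the interleaving is made explicit instead of relying on real threads.

```c
/* Userspace model of remove-vs-work ordering; constructed for illustration. */
#include <stdbool.h>

struct model_master;
typedef void (*work_fn)(struct model_master *);

struct model_work { work_fn fn; bool pending; };

struct model_master {
    bool registered;        /* false once unregistered and resources released */
    int  uaf_hits;          /* times the work ran against released state */
    struct model_work work; /* the deferred work item (hypothetical name) */
};

/* Work body: touching the master after release is the use-after-free. */
static void work_handler(struct model_master *m)
{
    if (!m->registered)     /* in the kernel this would read freed memory */
        m->uaf_hits++;
}

/* Interrupt path defers processing to the work item. */
static void queue_work_model(struct model_master *m) { m->work.pending = true; }

/* Worker's turn: run the item if it is still queued. */
static void run_pending(struct model_master *m)
{
    if (m->work.pending) { m->work.pending = false; m->work.fn(m); }
}

/* Analogue of cancel_work_sync(): on return the item is neither queued nor running. */
static void cancel_work_sync_model(struct model_master *m) { m->work.pending = false; }

/* Remove path: cancel_first=false is the racy order, true is the corrected order. */
static void remove_model(struct model_master *m, bool cancel_first)
{
    if (cancel_first)
        cancel_work_sync_model(m);
    m->registered = false;  /* stands for unregister + free */
}

/* Interleaving: probe done, work queued, module removed, then the worker runs. */
int simulate(bool cancel_first)
{
    struct model_master m = { .registered = true, .work = { work_handler, false } };
    queue_work_model(&m);
    remove_model(&m, cancel_first);
    run_pending(&m);
    return m.uaf_hits;      /* 1 = work ran after release, 0 = safe */
}
```

The model keeps the state on the stack and only counts the late access, so the racy order can be observed without triggering real undefined behaviour.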

Affected Version(s)

Linux 1dd728f5d4d4b8b53196c1e0fcf86bbaaee39cef < 60d2fb033a999bb644f8e8606ff4a1b82de36c6f

Linux 1dd728f5d4d4b8b53196c1e0fcf86bbaaee39cef < 9b0063098fcde17cd2894f2c96459b23388507ca

Linux 1dd728f5d4d4b8b53196c1e0fcf86bbaaee39cef

Timeline

  • Vulnerability published

  • Vulnerability Reserved
