CVE-2024-57857
Published: 15 January 2025
Summary
CVE-2024-57857 is a high-severity Use After Free (CWE-416) vulnerability in the Linux kernel. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). It is ranked at the 3.2 percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Timely flaw remediation through kernel patching directly resolves the use-after-free in the RDMA/siw subsystem, as implemented in the referenced commits.
Memory protection mechanisms such as KASLR and stack-smashing protections mitigate exploitation of the use-after-free error during siw_query_port() calls.
Vulnerability scanning identifies the presence of CVE-2024-57857 in vulnerable Linux kernel versions incorporating the flawed RDMA/siw code.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
A local kernel use-after-free in RDMA/siw directly enables privilege escalation, via arbitrary code execution or memory corruption, from a low-privileged context.
NVD Description
In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Remove direct link to net_device. Do not manage a per device direct link to net_device. Rely on associated ib_devices net_device management, not doubling the effort locally. A badly managed local link to net_device was causing a 'KASAN: slab-use-after-free' exception during siw_query_port() call.
Deeper analysis
CVE-2024-57857 is a use-after-free vulnerability (CWE-416) in the Linux kernel's RDMA/siw subsystem. It arises from improper management of a per-device direct link to the net_device, which leads to a KASAN-detected slab-use-after-free exception during the siw_query_port() call. The issue affects Linux kernel versions incorporating the vulnerable RDMA/siw code prior to the application of the fixing commits.
A local attacker with low privileges (PR:L) can exploit this vulnerability with low attack complexity (AC:L) and no user interaction required (UI:N). Successful exploitation grants high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), with an overall CVSS v3.1 base score of 7.8. This could potentially allow the attacker to execute arbitrary code, corrupt kernel memory, or cause denial of service in the affected system.
Kernel patches addressing the vulnerability are available in the provided commit references: https://git.kernel.org/stable/c/16b87037b48889d21854c8e97aec8a1baf2642b3 and https://git.kernel.org/stable/c/4eafeb4f021c50d13f199239d913b37de3c83135. These commits remove the direct per-device link to net_device and instead rely on the associated ib_device's net_device management, eliminating both the duplicated bookkeeping and the use-after-free condition. Security practitioners should update to kernels that include these fixes.
Details
- CWE(s)