Cyber Resilience

CVE-2024-57857

High

Published: 15 January 2025

Modified: 24 March 2025
KEV Added
Patch
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0002 (5.3th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-57857 is a high-severity Use After Free (CWE-416) vulnerability in the Linux kernel. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 5.3th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).

Deeper analysis

CVE-2024-57857 is a use-after-free vulnerability (CWE-416) in the Linux kernel's RDMA/siw subsystem. It arises from improper management of a per-device direct link to the net_device, which leads to a KASAN-detected slab-use-after-free exception during the siw_query_port() call. The issue affects Linux kernel versions incorporating the vulnerable RDMA/siw code prior to the application of the fixing commits.

A local attacker with low privileges (PR:L) can exploit this vulnerability with low attack complexity (AC:L) and no user interaction (UI:N). Successful exploitation has a high impact on confidentiality, integrity, and availability (C:H/I:H/A:H), giving an overall CVSS v3.1 base score of 7.8. An attacker could potentially execute arbitrary code, corrupt kernel memory, or cause denial of service on the affected system.

Kernel patches addressing the vulnerability are available in the provided commit references: https://git.kernel.org/stable/c/16b87037b48889d21854c8e97aec8a1baf2642b3 and https://git.kernel.org/stable/c/4eafeb4f021c50d13f199239d913b37de3c83135. These commits remove the direct per-device link to net_device and rely instead on the associated ib_device's net_device management, which avoids duplicating that effort locally and prevents the use-after-free condition. Security practitioners should update to kernels that include these fixes.

EU & UK References

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved:

RDMA/siw: Remove direct link to net_device

Do not manage a per device direct link to net_device. Rely on associated ib_devices net_device management, not doubling the effort locally. A badly managed local link to net_device was causing a 'KASAN: slab-use-after-free' exception during siw_query_port() call.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local kernel use-after-free in RDMA/siw directly enables privilege escalation via arbitrary code execution or memory corruption from low-privileged context.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-23111 (same product: Linux Kernel)
CVE-2026-31530 (same product: Linux Kernel)
CVE-2026-43019 (same product: Linux Kernel)
CVE-2026-23158 (same product: Linux Kernel)
CVE-2025-21893 (same product: Linux Kernel)
CVE-2026-31446 (same product: Linux Kernel)
CVE-2026-31650 (same product: Linux Kernel)
CVE-2026-23001 (same product: Linux Kernel)
CVE-2024-50051 (same product: Linux Kernel)
CVE-2025-21759 (same product: Linux Kernel)

Affected Assets

linux
linux kernel
6.13 · 5.3 — 6.12.9

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Timely flaw remediation through kernel patching directly resolves the use-after-free vulnerability in the RDMA/siw subsystem as provided in the referenced commits.

prevent

Memory protection mechanisms such as KASLR and stack-smashing protections mitigate exploitation of the use-after-free error during siw_query_port() calls.

detect

Vulnerability scanning identifies the presence of CVE-2024-57857 in vulnerable Linux kernel versions incorporating the flawed RDMA/siw code.

References