CVE-2024-57887
Published: 15 January 2025
Summary
CVE-2024-57887 is a high-severity Use After Free (CWE-416) vulnerability in Linux Linux Kernel. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 4.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2024-57887 is a use-after-free vulnerability (CWE-416) in the Linux kernel's DRM subsystem, specifically within the adv7511 driver. The issue arises because the host_node pointer is assigned and freed via of_node_put() in the adv7533_parse_dt() function, but the same pointer is later dereferenced in adv7533_attach_dsi(). This affects Linux kernel versions incorporating the vulnerable adv7511 driver code prior to the application of the referenced fixes.
A local attacker with low privileges (PR:L) can exploit this vulnerability with low attack complexity (AC:L) and no user interaction (UI:N), requiring only local access (AV:L) to the system. Successful exploitation grants high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), with an unchanged scope (S:U), potentially allowing arbitrary code execution in kernel context, data corruption, or system denial of service. The CVSS v3.1 base score is 7.8.
Mitigation requires updating to a patched Linux kernel version, as detailed in the stable branch commit references. The fixes drop the of_node_put() call from adv7533_parse_dt(), instead invoking it in the probe() function's error path and in the remove() function to prevent the use-after-free. Relevant patches are available at the provided kernel.org stable commit URLs.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-53790
Vulnerability details
In the Linux kernel, the following vulnerability has been resolved: drm: adv7511: Fix use-after-free in adv7533_attach_dsi() The host_node pointer was assigned and freed in adv7533_parse_dt(), and later, adv7533_attach_dsi() uses the same. Fix this use-after-free issue by dropping of_node_put() in adv7533_parse_dt()…
more
and calling of_node_put() in error path of probe() and also in the remove().
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Local kernel UAF in adv7511 driver enables arbitrary code execution with kernel privileges from low-privileged local access, directly mapping to exploitation for privilege escalation.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires timely identification, reporting, testing, and correction of flaws like the use-after-free vulnerability in the Linux kernel's adv7511 driver via patching.
Enables scanning for and identification of known kernel vulnerabilities such as CVE-2024-57887 to initiate remediation.
Provides memory protection safeguards like address randomization that mitigate exploitation of use-after-free errors in kernel drivers.