Cyber Resilience

CVE-2024-57887

High

Published: 15 January 2025

Published
15 January 2025
Modified
03 November 2025
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0002 4.5th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-57887 is a high-severity Use After Free (CWE-416) vulnerability in Linux Linux Kernel. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 4.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-57887 is a use-after-free vulnerability (CWE-416) in the Linux kernel's DRM subsystem, specifically within the adv7511 driver. The issue arises because the host_node pointer is assigned and freed via of_node_put() in the adv7533_parse_dt() function, but the same pointer is later dereferenced in adv7533_attach_dsi(). This affects Linux kernel versions incorporating the vulnerable adv7511 driver code prior to the application of the referenced fixes.

A local attacker with low privileges (PR:L) can exploit this vulnerability with low attack complexity (AC:L) and no user interaction (UI:N), requiring only local access (AV:L) to the system. Successful exploitation grants high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), with an unchanged scope (S:U), potentially allowing arbitrary code execution in kernel context, data corruption, or system denial of service. The CVSS v3.1 base score is 7.8.

Mitigation requires updating to a patched Linux kernel version, as detailed in the stable branch commit references. The fixes drop the of_node_put() call from adv7533_parse_dt(), instead invoking it in the probe() function's error path and in the remove() function to prevent the use-after-free. Relevant patches are available at the provided kernel.org stable commit URLs.

EU & UK References

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved: drm: adv7511: Fix use-after-free in adv7533_attach_dsi() The host_node pointer was assigned and freed in adv7533_parse_dt(), and later, adv7533_attach_dsi() uses the same. Fix this use-after-free issue by dropping of_node_put() in adv7533_parse_dt()…

more

and calling of_node_put() in error path of probe() and also in the remove().

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local kernel UAF in adv7511 driver enables arbitrary code execution with kernel privileges from low-privileged local access, directly mapping to exploitation for privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-23111Same product: Linux Linux Kernel
CVE-2026-31530Same product: Linux Linux Kernel
CVE-2026-43019Same product: Linux Linux Kernel
CVE-2026-23158Same product: Linux Linux Kernel
CVE-2025-21893Same product: Linux Linux Kernel
CVE-2026-31446Same product: Linux Linux Kernel
CVE-2026-31650Same product: Linux Linux Kernel
CVE-2026-23001Same product: Linux Linux Kernel
CVE-2024-50051Same product: Linux Linux Kernel
CVE-2025-21759Same product: Linux Linux Kernel

Affected Assets

linux
linux kernel
6.13 · 4.8 — 6.1.125 · 6.2 — 6.6.70 · 6.7 — 6.12.9

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires timely identification, reporting, testing, and correction of flaws like the use-after-free vulnerability in the Linux kernel's adv7511 driver via patching.

detect

Enables scanning for and identification of known kernel vulnerabilities such as CVE-2024-57887 to initiate remediation.

prevent

Provides memory protection safeguards like address randomization that mitigate exploitation of use-after-free errors in kernel drivers.

References