CVE-2024-57980
Published: 27 February 2025
Summary
CVE-2024-57980 is a high-severity Double Free (CWE-415) vulnerability in Linux Linux Kernel. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 3.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-11 (Error Handling).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SI-2 requires timely identification, reporting, and correction of flaws such as the double-free in uvc_status_init(), directly mitigated by applying the kernel patch that resets the dev->status pointer to NULL.
SI-11 ensures the system handles errors securely without compromising integrity, addressing the improper error path in uvc_status_init() that fails to reset the freed pointer.
SI-16 implements system-level memory protections that mitigate exploitation of double-free vulnerabilities like CVE-2024-57980 by restricting unauthorized memory access and modifications.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Double-free in kernel USB driver directly enables local memory corruption leading to privilege escalation.
NVD Description
In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Fix double free in error path If the uvc_status_init() function fails to allocate the int_urb, it will free the dev->status pointer but doesn't reset the pointer to NULL.…
more
This results in the kfree() call in uvc_status_cleanup() trying to double-free the memory. Fix it by resetting the dev->status pointer to NULL after freeing it. Reviewed by: Ricardo Ribalda <ribalda@chromium.org>
Deeper analysisAI
CVE-2024-57980 is a double-free vulnerability in the Linux kernel's uvcvideo driver, which supports USB Video Class (UVC) devices such as webcams. The flaw arises in the error path of the uvc_status_init() function: if allocation of the int_urb fails, the function frees the dev->status pointer without resetting it to NULL. This results in a subsequent kfree() call in uvc_status_cleanup() attempting to double-free the same memory, as tracked under CWE-415.
The vulnerability has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating it is exploitable by a local attacker with low privileges and low complexity, requiring no user interaction and running with unchanged scope. Successful exploitation could allow the attacker to achieve high impacts on confidentiality, integrity, and availability, potentially leading to memory corruption, kernel crashes, or privilege escalation.
Mitigation involves applying patches merged into Linux kernel stable trees, as detailed in the following commit references: https://git.kernel.org/stable/c/3ba8884a56a3eb97c22f0ce0e4dd410d4ca4c277, https://git.kernel.org/stable/c/6c36dcd662ec5276782838660f8533a7cb26be49, https://git.kernel.org/stable/c/87522ef165e5b6de8ef98cc318f3335166a1512c, https://git.kernel.org/stable/c/9232719ac9ce4d5c213cebda23d72aec3e1c4c0d, and https://git.kernel.org/stable/c/c6ef3a7fa97ec823a1e1af9085cf13db9f7b3bac. The fix resets the dev->status pointer to NULL after freeing it in the error path. Security practitioners should ensure systems with UVC devices update to patched kernel versions promptly.
Details
- CWE(s)