Cyber Resilience

CVE-2024-57983

High

Published: 27 February 2025

Published
27 February 2025
Modified
01 October 2025
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0002 6.8th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-57983 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Linux Linux Kernel. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 6.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-57983 is a memory corruption vulnerability in the Linux kernel's th1520 mailbox driver, stemming from an incorrectly sized array used in the th1520_mbox_suspend_noirq and th1520_mbox_resume_noirq functions. These functions are designed to save and restore the four interrupt mask registers in the MBOX ICU0 during suspend and resume operations. Due to the array being undersized, accessing all four registers results in out-of-bounds memory writes, classified under CWE-787. The vulnerability carries a CVSS v3.1 base score of 7.8.

A local attacker with low privileges can exploit this issue with low complexity and no user interaction required, as indicated by the vector AV:L/AC:L/PR:L/UI:N/S:U. Successful exploitation enables high-impact confidentiality, integrity, and availability violations (C:H/I:H/A:H), potentially allowing arbitrary code execution, data tampering, or system crashes during kernel suspend/resume cycles on affected th1520 hardware.

The provided kernel patch references detail the mitigation: commits at https://git.kernel.org/stable/c/2cd12c7fba59f30369e8647a2b726c7280903304 and https://git.kernel.org/stable/c/db049866943a38bf46a34fa120d526663339d7a5 correct the array size to properly accommodate all four interrupt mask registers, preventing the out-of-bounds access during suspend and resume. Security practitioners should ensure systems using the th1520 mailbox driver apply these stable kernel updates promptly.

EU & UK References

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved: mailbox: th1520: Fix memory corruption due to incorrect array size The functions th1520_mbox_suspend_noirq and th1520_mbox_resume_noirq are intended to save and restore the interrupt mask registers in the MBOX ICU0. However,…

more

the array used to store these registers was incorrectly sized, leading to memory corruption when accessing all four registers. This commit corrects the array size to accommodate all four interrupt mask registers, preventing memory corruption during suspend and resume operations.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Kernel memory corruption (out-of-bounds write) directly enables local privilege escalation to arbitrary code execution in kernel context.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-71137Same product: Linux Linux Kernel
CVE-2026-31772Same product: Linux Linux Kernel
CVE-2026-23378Same product: Linux Linux Kernel
CVE-2026-31494Same product: Linux Linux Kernel
CVE-2025-21735Same product: Linux Linux Kernel
CVE-2025-21650Same product: Linux Linux Kernel
CVE-2024-52319Same product: Linux Linux Kernel
CVE-2024-58003Same product: Linux Linux Kernel
CVE-2026-23343Same product: Linux Linux Kernel
CVE-2026-23092Same product: Linux Linux Kernel

Affected Assets

linux
linux kernel
6.13 — 6.13.2

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires identifying, reporting, and correcting the kernel flaw via patching the undersized array to prevent out-of-bounds memory corruption during suspend and resume operations.

prevent

Implements memory protection mechanisms that comprehensively mitigate exploitation of memory corruption vulnerabilities like the th1520 mailbox driver's array out-of-bounds writes.

detect

Vulnerability monitoring and scanning detects presence of CVE-2024-57983 in kernel versions on th1520 systems, enabling proactive patching.

References