CVE-2024-57984
Published: 27 February 2025
Summary
CVE-2024-57984 is a high-severity Use After Free (CWE-416) vulnerability in Linux Linux Kernel. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 3.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and CM-7 (Least Functionality).
Deeper analysis
CVE-2024-57984 is a use-after-free vulnerability in the Linux kernel's dw_i3c_master driver within the I3C subsystem. The issue arises from a race condition during module removal: in dw_i3c_common_probe, the master->hj_work is queued with dw_i3c_hj_work, and the dw_i3c_master_irq_handler can trigger it via dw_i3c_master_irq_handle_ibis. If the module is unloaded via dw_i3c_common_remove, it calls i3c_master_unregister and device_unregister, freeing master->base while the work item may still execute and access it, such as in i3c_master_do_daa.
A local attacker with low privileges can exploit this vulnerability, as indicated by its CVSS v3.1 score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Exploitation requires triggering the race condition between IRQ handling and module cleanup, potentially allowing arbitrary code execution, data corruption, or denial of service through the use-after-free on the freed master->base structure (CWE-416).
The provided kernel patch references detail the mitigation: commits in the stable kernel repository (e.g., 60d2fb033a99, 9b0063098fcd) fix the issue by canceling the hj_work before proceeding with cleanup in dw_i3c_common_remove, preventing the use-after-free during the race. Systems should apply these upstream stable kernel updates to affected versions.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-5264
Vulnerability details
In the Linux kernel, the following vulnerability has been resolved: i3c: dw: Fix use-after-free in dw_i3c_master driver due to race condition In dw_i3c_common_probe, &master->hj_work is bound with dw_i3c_hj_work. And dw_i3c_master_irq_handler can call dw_i3c_master_irq_handle_ibis function to start the work. If we…
more
remove the module which will call dw_i3c_common_remove to make cleanup, it will free master->base through i3c_master_unregister while the work mentioned above will be used. The sequence of operations that may lead to a UAF bug is as follows: CPU0 CPU1 | dw_i3c_hj_work dw_i3c_common_remove | i3c_master_unregister(&master->base) | device_unregister(&master->dev) | device_release | //free master->base | | i3c_master_do_daa(&master->base) | //use master->base Fix it by ensuring that the work is canceled before proceeding with the cleanup in dw_i3c_common_remove.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Local kernel use-after-free in I3C driver directly enables privilege escalation via exploitation of the race condition for arbitrary code execution from low-privileged context.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly mitigates the use-after-free by requiring timely application of the kernel patch that cancels hj_work before freeing master->base during module removal.
Prevents exposure to the vulnerable dw_i3c_master driver by restricting the kernel to least functionality, disabling unnecessary I3C modules.
Identifies affected kernel versions through vulnerability scanning, enabling detection of CVE-2024-57984 and initiation of remediation.