Cyber Resilience

CVE-2024-57984

High

Published: 27 February 2025

Published
27 February 2025
Modified
24 March 2025
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0001 3.0th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-57984 is a high-severity Use After Free (CWE-416) vulnerability in Linux Linux Kernel. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 3.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and CM-7 (Least Functionality).

Deeper analysis

CVE-2024-57984 is a use-after-free vulnerability in the Linux kernel's dw_i3c_master driver within the I3C subsystem. The issue arises from a race condition during module removal: in dw_i3c_common_probe, the master->hj_work is queued with dw_i3c_hj_work, and the dw_i3c_master_irq_handler can trigger it via dw_i3c_master_irq_handle_ibis. If the module is unloaded via dw_i3c_common_remove, it calls i3c_master_unregister and device_unregister, freeing master->base while the work item may still execute and access it, such as in i3c_master_do_daa.

A local attacker with low privileges can exploit this vulnerability, as indicated by its CVSS v3.1 score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Exploitation requires triggering the race condition between IRQ handling and module cleanup, potentially allowing arbitrary code execution, data corruption, or denial of service through the use-after-free on the freed master->base structure (CWE-416).

The provided kernel patch references detail the mitigation: commits in the stable kernel repository (e.g., 60d2fb033a99, 9b0063098fcd) fix the issue by canceling the hj_work before proceeding with cleanup in dw_i3c_common_remove, preventing the use-after-free during the race. Systems should apply these upstream stable kernel updates to affected versions.

EU & UK References

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved: i3c: dw: Fix use-after-free in dw_i3c_master driver due to race condition In dw_i3c_common_probe, &master->hj_work is bound with dw_i3c_hj_work. And dw_i3c_master_irq_handler can call dw_i3c_master_irq_handle_ibis function to start the work. If we…

more

remove the module which will call dw_i3c_common_remove to make cleanup, it will free master->base through i3c_master_unregister while the work mentioned above will be used. The sequence of operations that may lead to a UAF bug is as follows: CPU0 CPU1 | dw_i3c_hj_work dw_i3c_common_remove | i3c_master_unregister(&master->base) | device_unregister(&master->dev) | device_release | //free master->base | | i3c_master_do_daa(&master->base) | //use master->base Fix it by ensuring that the work is canceled before proceeding with the cleanup in dw_i3c_common_remove.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local kernel use-after-free in I3C driver directly enables privilege escalation via exploitation of the race condition for arbitrary code execution from low-privileged context.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-23111Same product: Linux Linux Kernel
CVE-2026-31530Same product: Linux Linux Kernel
CVE-2026-43019Same product: Linux Linux Kernel
CVE-2026-23158Same product: Linux Linux Kernel
CVE-2025-21893Same product: Linux Linux Kernel
CVE-2026-31446Same product: Linux Linux Kernel
CVE-2026-31650Same product: Linux Linux Kernel
CVE-2026-23001Same product: Linux Linux Kernel
CVE-2024-50051Same product: Linux Linux Kernel
CVE-2025-21759Same product: Linux Linux Kernel

Affected Assets

linux
linux kernel
5.0 — 6.6.76 · 6.7 — 6.12.13 · 6.13 — 6.13.2

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the use-after-free by requiring timely application of the kernel patch that cancels hj_work before freeing master->base during module removal.

prevent

Prevents exposure to the vulnerable dw_i3c_master driver by restricting the kernel to least functionality, disabling unnecessary I3C modules.

detect

Identifies affected kernel versions through vulnerability scanning, enabling detection of CVE-2024-57984 and initiation of remediation.

References