Cyber Resilience

CVE-2024-58004

High

Published: 27 February 2025

Published
27 February 2025
Modified
23 October 2025
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0002 3.9th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-58004 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Linux Linux Kernel. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 3.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-11 (Error Handling) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-58004 is a vulnerability in the Linux kernel's media subsystem, specifically the Intel IPU6 driver. The issue arises from a failure to remove a CPU latency QoS request on error paths before freeing the corresponding memory, leading to CPU latency QoS list corruption. This manifests as a list_add corruption error, as evidenced by kernel warnings such as "list_add corruption. prev->next should be next (ffffffff9645e960), but was 0000000100100001," triggered during operations like intel_dp_aux_xfer in the i915 driver. The vulnerability is classified under CWE-787 (Out-of-bounds Write) with a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

A local attacker with low privileges can exploit this vulnerability by triggering the error path in the Intel IPU6 driver. Exploitation requires low complexity and no user interaction, potentially allowing the attacker to corrupt kernel QoS lists. This can result in high-impact consequences, including unauthorized access to sensitive data (high confidentiality), modification of system integrity (high integrity), and disruption of system availability (high availability), such as kernel panics or further compromise.

Mitigation involves applying upstream patches from the Linux kernel stable repository, including commits such as 1496ec94bd38bdb25ca13b1dd4f8e7a6176ea89d, 95275736185ecb71dc97a71d8d9d19e4ffb0a9eb, and facb541ff0805314e0b56e508f7d3cbd07af513c, which fix the QoS request removal on error paths in the ipu6 driver. Security practitioners should update affected Linux kernels to incorporate these fixes.

EU & UK References

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved: media: intel/ipu6: remove cpu latency qos request on error Fix cpu latency qos list corruption like below. It happens when we do not remove cpu latency request on error path…

more

and free corresponding memory. [ 30.634378] l7 kernel: list_add corruption. prev->next should be next (ffffffff9645e960), but was 0000000100100001. (prev=ffff8e9e877e20a8). [ 30.634388] l7 kernel: WARNING: CPU: 2 PID: 2008 at lib/list_debug.c:32 __list_add_valid_or_report+0x83/0xa0 <snip> [ 30.634640] l7 kernel: Call Trace: [ 30.634650] l7 kernel: <TASK> [ 30.634659] l7 kernel: ? __list_add_valid_or_report+0x83/0xa0 [ 30.634669] l7 kernel: ? __warn.cold+0x93/0xf6 [ 30.634678] l7 kernel: ? __list_add_valid_or_report+0x83/0xa0 [ 30.634690] l7 kernel: ? report_bug+0xff/0x140 [ 30.634702] l7 kernel: ? handle_bug+0x58/0x90 [ 30.634712] l7 kernel: ? exc_invalid_op+0x17/0x70 [ 30.634723] l7 kernel: ? asm_exc_invalid_op+0x1a/0x20 [ 30.634733] l7 kernel: ? __list_add_valid_or_report+0x83/0xa0 [ 30.634742] l7 kernel: plist_add+0xdd/0x140 [ 30.634754] l7 kernel: pm_qos_update_target+0xa0/0x1f0 [ 30.634764] l7 kernel: cpu_latency_qos_update_request+0x61/0xc0 [ 30.634773] l7 kernel: intel_dp_aux_xfer+0x4c7/0x6e0 [i915 1f824655ed04687c2b0d23dbce759fa785f6d033]

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local kernel memory corruption in IPU6 driver enables privilege escalation from low-privileged user via error-path QoS list corruption (CWE-787).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-71137Same product: Linux Linux Kernel
CVE-2026-31772Same product: Linux Linux Kernel
CVE-2026-23378Same product: Linux Linux Kernel
CVE-2026-31494Same product: Linux Linux Kernel
CVE-2025-21735Same product: Linux Linux Kernel
CVE-2025-21650Same product: Linux Linux Kernel
CVE-2024-52319Same product: Linux Linux Kernel
CVE-2024-58003Same product: Linux Linux Kernel
CVE-2026-23343Same product: Linux Linux Kernel
CVE-2026-23092Same product: Linux Linux Kernel

Affected Assets

linux
linux kernel
6.10 — 6.12.14 · 6.13 — 6.13.3

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

preventrecover

Directly mitigates the vulnerability by requiring timely identification, reporting, and patching of the Intel IPU6 driver flaw causing QoS list corruption.

prevent

Addresses the root cause by enforcing secure error handling that prevents resource leaks and memory corruption on error paths in the kernel driver.

prevent

Provides kernel memory protection mechanisms that limit the impact of list corruption and potential out-of-bounds writes.

References