PT-2024-26788 · Linux+6 · Linux Kernel+6

Published

2024-05-19

·

Updated

2026-05-26

·

CVE-2024-35932

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel version 6.1.66-v8+
Description The vulnerability is related to the drm/vc4 driver in the Linux kernel. When using non-blocking commits, a kernel warning may occur due to a refcount t underflow, which can lead to a use-after-free issue. This happens because the prepare fb and cleanup fb functions are perfectly balanced, but the check plane->state->fb == state->fb is not guaranteed to be consistent. The struct drm plane .state should not be accessed directly, but instead, the drm atomic get new plane state() helper function should be used.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

AZL-67691
BDU:2025-13353
CVE-2024-35932
OESA-2024-1737
OESA-2024-1738
SUSE-SU-2024:1979-1
SUSE-SU-2024:1983-1
SUSE-SU-2024:2008-1
SUSE-SU-2024:2019-1
SUSE-SU-2024:2135-1
SUSE-SU-2024:2184-1
SUSE-SU-2024:2190-1
SUSE-SU-2024:2203-1
SUSE-SU-2024:2973-1
SUSE-SU-2025:20008-1
SUSE-SU-2025:20028-1
SUSE-SU-2025:20166-1
SUSE-SU-2025:20249-1
USN-6893-1
USN-6893-2
USN-6893-3
USN-6918-1

Affected Products

Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu