PT-2024-30294 · Linux+6 · Linux Kernel+6

Defa Li · Published 2024-11-07 · Updated 2025-10-03 · CVE-2024-43098

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.6.74

Description

A deadlock may occur in the Linux kernel because the i3c_master_register() function acquires &i3cbus->lock twice. This can happen when the i3c_device_get_info() function is called. The issue is resolved by using i3cdev->desc->info instead of calling i3c_device_get_info(), which avoids acquiring the lock twice. The vulnerability is actively being exploited.

Recommendations

To resolve the issue, update the Linux kernel to version 6.6.74 or later. As a temporary workaround, consider disabling the i3c_device_get_info() function until a patch is available. Restrict access to the i3c_bus_normaluse_lock() function to minimize the risk of exploitation. Avoid using the i3c_device_uevent() function in the affected API endpoint until the issue is resolved.

Weakness Enumeration

Improper Locking

Related Identifiers

ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
ALT-PU-2024-17881
ALT-PU-2024-17897
ALT-PU-2025-12647
AZL-56306
AZL-56321
BDU:2025-02964
CVE-2024-43098
DLA-4075-1
DLA-4076-1
MGASA-2025-0030
MGASA-2025-0032
OESA-2025-1110
OESA-2025-1111
USN-7379-1
USN-7379-2
USN-7380-1
USN-7381-1
USN-7382-1
USN-7387-1
USN-7387-2
USN-7387-3
USN-7388-1
USN-7389-1
USN-7390-1
USN-7391-1
USN-7392-1
USN-7392-2
USN-7392-3
USN-7392-4
USN-7393-1
USN-7401-1
USN-7407-1
USN-7413-1
USN-7421-1
USN-7449-1
USN-7449-2
USN-7450-1
USN-7451-1
USN-7452-1
USN-7453-1
USN-7458-1
USN-7459-1
USN-7459-2
USN-7463-1
USN-7468-1
USN-7523-1
USN-7524-1
USN-7539-1
USN-7540-1

Affected Products

ALT Linux
Astra Linux
Debian
Linux Mint
Linux Kernel
RED OS
Ubuntu