PT-2024-31334 · Linux+6 · Linux Kernel+6

Published

2024-05-17

·

Updated

2025-09-29

·

CVE-2024-44967

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.50
Description The issue is related to the Linux kernel's DRM (Direct Rendering Manager) component, specifically the drm/mgag200 module. The problem arises when the devm add action or reset() function releases the I2C adapter, but the connector still refers to it, leaving behind a stale pointer in struct drm connector.ddc. To resolve this, the lifetime of the I2C adapter is bound to the connector's lifetime using DRM's managed release. When the DRM device is removed, it first cleans up the connector and then the I2C adapter.
Recommendations To resolve the issue, update the Linux kernel to version 6.6.50 or later. As a temporary workaround, consider disabling the devm add action or reset() function until a patch is available. Restrict access to the drm/mgag200 module to minimize the risk of exploitation. Avoid using the struct drm connector.ddc variable in the affected code until the issue is resolved.

Exploit

Fix

Use After Free

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416CWE-20

Related Identifiers

ALSA-2025_16880
ALT-PU-2024-13979
ALT-PU-2024-14046
BDU:2024-06747
BDU:2025-01953
CVE-2024-44967
DLA-4008-1
MGASA-2024-0309
MGASA-2024-0310
OESA-2024-2181
OPENSUSE-SU-2024_3551-1
OPENSUSE-SU-2024_3561-1
OPENSUSE-SU-2024_3564-1
OPENSUSE-SU-2024_3587-1
OPENSUSE-SU-2024_3592-1
SUSE-SU-2024:3551-1
SUSE-SU-2024:3553-1
SUSE-SU-2024:3561-1
SUSE-SU-2024:3564-1
SUSE-SU-2024:3569-1
SUSE-SU-2024:3587-1
SUSE-SU-2024:3592-1
SUSE-SU-2025:20073-1
SUSE-SU-2025:20077-1
USN-7154-1
USN-7154-2
USN-7155-1
USN-7156-1
USN-7196-1

Affected Products

Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu