PT-2024-5436 · Linux+6 · Linux Kernel+6

Published

2024-04-18

·

Updated

2026-03-14

·

CVE-2024-39479

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The vulnerability is related to the drm/i915/hwmon module in the Linux kernel. It occurs when both hwmon and hwmon drvdata are device-managed resources, and the expectation is that hwmon will be released before drvdata during device unbind. However, in the i915 module, there are two separate code paths that release either drvdata or hwmon, and either can be released before the other. This can lead to a use-after-free (uaf) issue if hwmon sysfs is accessed when drvdata has been released but hwmon hasn't. The only way to resolve this issue is to get rid of devm and release/free everything explicitly during device unbind.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-400

Related Identifiers

ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
ALT-PU-2024-10855
ALT-PU-2024-13979
BDU:2024-06085
CVE-2024-39479
ECHO-1720-E1F1-D175
INFSA-2024_9315
MGASA-2024-0263
MGASA-2024-0266
OESA-2024-1863
RHSA-2024:9315
RHSA-2024_9315
SUSE-SU-2024:2802-1
SUSE-SU-2024:2896-1
SUSE-SU-2024:2973-1
SUSE-SU-2025:20008-1
SUSE-SU-2025:20028-1
USN-6999-1
USN-6999-2
USN-7004-1
USN-7005-1
USN-7005-2
USN-7008-1
USN-7029-1

Affected Products

Alt Linux
Debian
Linuxmint
Linux Kernel
Red Hat
Suse
Ubuntu