PT-2025-3612 · Linux+7 · Linux Kernel+7

Biju Das

·

Published

2024-12-20

·

Updated

2026-05-26

·

CVE-2024-57887

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.74
Description A use-after-free issue was found in the Linux kernel, specifically in the adv7533 attach dsi() function. The host node pointer was assigned and freed in adv7533 parse dt(), and later used in adv7533 attach dsi(). This issue was resolved by removing of node put() in adv7533 parse dt() and calling of node put() in the error path of probe() and also in remove().
Recommendations For Linux kernel versions prior to 6.6.74, update to version 6.6.74 or later to resolve the issue. As a temporary workaround, consider disabling the adv7533 attach dsi() function until a patch is available. Restrict access to the vulnerable module to minimize the risk of exploitation. Avoid using the host node pointer in the affected code path until the issue is resolved.

Exploit

Fix

DoS

Use After Free

Weakness Enumeration

CWE-416

Related Identifiers

ALT-PU-2025-12647
ALT-PU-2025-1861
ALT-PU-2025-1925
ALT-PU-2025-3483
ALT-PU-2025-3507
AZL-55831
BDU:2025-02843
CVE-2024-57887
DLA-4075-1
DLA-4076-1
DSA-5860-1
MGASA-2025-0030
MGASA-2025-0032
OESA-2025-1112
OESA-2025-1113
OESA-2025-1114
OPENSUSE-SU-2025_0428-1
OPENSUSE-SU-2025_0499-1
OPENSUSE-SU-2025_0557-1
SUSE-SU-2025:0236-1
SUSE-SU-2025:0289-1
SUSE-SU-2025:0428-1
SUSE-SU-2025:0499-1
SUSE-SU-2025:0557-1
SUSE-SU-2025:20165-1
SUSE-SU-2025:20166-1
SUSE-SU-2025:20248-1
SUSE-SU-2025:20249-1
SUSE-SU-2025_0236-1
SUSE-SU-2025_0428-1
SUSE-SU-2025_0499-1
SUSE-SU-2025_0557-1
USN-7379-1
USN-7379-2
USN-7380-1
USN-7381-1
USN-7382-1
USN-7513-1
USN-7513-2
USN-7513-3
USN-7513-4
USN-7513-5
USN-7514-1
USN-7515-1
USN-7515-2
USN-7522-1
USN-7523-1
USN-7524-1

Affected Products

Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu