PT-2025-3651 · Linux · Linux Kernel

Published 2024-12-25 · Updated 2025-10-03 · CVE-2024-57926

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.6.74

Description

A use-after-free vulnerability has been resolved in the Linux kernel. The issue occurs in the drm/mediatek module: when mtk_drm_bind returns an error, the private->all_drm_private[i]->drm pointer is not set to NULL. This causes the drm_atomic_helper_shutdown function to access previously allocated memory, resulting in a use-after-free error. The vulnerability is detected by KASAN (Kernel Address Sanitizer).

Recommendations

To resolve the issue, update the Linux kernel to version 6.6.74 or later. As a temporary workaround, consider disabling the drm_atomic_helper_shutdown function until a patch is available. However, this may have unintended consequences and should be used with caution. At the moment, there is no information about other workarounds or mitigation measures.

Exploit

Fix

Use After Free

Weakness Enumeration

Related Identifiers

ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
ALT-PU-2025-12647
ALT-PU-2025-3467
ALT-PU-2025-3500
AZL-56127
BDU:2025-02797
CVE-2024-57926
MGASA-2025-0030
MGASA-2025-0032
OESA-2025-1093
OESA-2025-1097
OPENSUSE-SU-2025_0428-1
OPENSUSE-SU-2025_0499-1
OPENSUSE-SU-2025_0557-1
SUSE-SU-2025:0289-1
SUSE-SU-2025:0428-1
SUSE-SU-2025:0499-1
SUSE-SU-2025:0557-1
SUSE-SU-2025:20165-1
SUSE-SU-2025:20166-1
SUSE-SU-2025:20248-1
SUSE-SU-2025:20249-1
SUSE-SU-2025_0428-1
SUSE-SU-2025_0499-1
SUSE-SU-2025_0557-1
USN-7379-1
USN-7379-2
USN-7380-1
USN-7381-1
USN-7382-1
USN-7513-1
USN-7513-2
USN-7513-3
USN-7513-4
USN-7513-5
USN-7514-1
USN-7515-1
USN-7515-2
USN-7522-1
USN-7523-1
USN-7524-1

Affected Products

ALT Linux
Linux Mint
Linux Kernel
SUSE
Ubuntu