PT-2025-8771 · Linux+5 · Linux Kernel+5

Pei Xiao · Published 2024-11-27 · Updated 2026-05-26 · CVE-2024-57984

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A use-after-free issue has been identified in the Linux kernel, specifically in the dw_i3c_master driver, due to a race condition. The vulnerability occurs when the dw_i3c_common_probe function binds &master->hj_work with dw_i3c_hj_work, and dw_i3c_master_irq_handler calls dw_i3c_master_irq_handle_ibis to start the work. If the module is removed, dw_i3c_common_remove is called, which frees master->base through i3c_master_unregister, while the work is still being used. This sequence of operations can lead to a use-after-free bug.

Recommendations

To resolve this issue, ensure that the work is canceled before proceeding with the cleanup in dw_i3c_common_remove. As a temporary workaround, consider disabling the dw_i3c_hj_work function until a patch is available. Restrict access to the vulnerable dw_i3c_master driver to minimize the risk of exploitation. Avoid using the master->base variable in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
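
The teardown ordering recommended above, shown as an added userspace model in C. This is not the kernel driver's code and is not part of the original advisory. Every model_* name, the struct layout and the scenario function are assumptions made for illustration, and the single-threaded queue only models work that is still pending when remove runs.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Userspace model only: all names are hypothetical stand-ins for driver objects. */
struct model_work { bool pending; void (*fn)(struct model_work *); };
struct model_master {
    struct model_work hj_work; /* models master->hj_work */
    int *base;                 /* models the state freed during unregister */
    bool base_freed;           /* lets the model detect, not perform, a stale access */
    int stale_accesses;        /* handler runs that happened after the free */
};

static void model_hj_work(struct model_work *w)
{
    struct model_master *m = (struct model_master *)
        ((char *)w - offsetof(struct model_master, hj_work));
    if (m->base_freed) { m->stale_accesses++; return; } /* this is the UAF window */
    (*m->base)++;
}
/* IRQ path: queue the work; it runs later in worker context. */
static void model_irq(struct model_master *m) { m->hj_work.pending = true; }
static void model_worker(struct model_master *m)
{
    if (!m->hj_work.pending) return;
    m->hj_work.pending = false;
    m->hj_work.fn(&m->hj_work);
}
/* Models cancel_work_sync() for the pending case (the real call also waits for a running handler). */
static void model_cancel_work_sync(struct model_work *w) { w->pending = false; }
static void model_unregister(struct model_master *m)
{
    free(m->base); m->base = NULL; m->base_freed = true;
}
/* Returns the number of stale accesses seen for one IRQ -> remove -> worker sequence. */
static int scenario(bool cancel_before_free)
{
    struct model_master m = { .hj_work = { .fn = model_hj_work } };
    m.base = calloc(1, sizeof *m.base);
    if (!m.base) return -1;
    model_irq(&m);                              /* work queued */
    if (cancel_before_free) model_cancel_work_sync(&m.hj_work);
    model_unregister(&m);                       /* remove path frees the state */
    model_worker(&m);                           /* worker runs after remove returned */
    return m.stale_accesses;
}
int main(void)
{
    printf("remove without cancel: %d stale access(es)\n", scenario(false));
    printf("cancel, then remove:   %d stale access(es)\n", scenario(true));
    return 0;
}
```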

Exploit

Double Free

Use After Free

Weakness Enumeration

Related Identifiers

ALSA-2025:20095
ALT-PU-2025-12647
AZL-58977
BDU:2025-03895
CVE-2024-57984
ECHO-9996-5A1D-FDA1
RHSA-2025:20095
USN-7521-1
USN-7521-2
USN-7521-3
USN-7651-1
USN-7651-2
USN-7651-3
USN-7651-4
USN-7651-5
USN-7651-6
USN-7652-1
USN-7653-1
USN-7737-1

Affected Products

Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Ubuntu