CVE-2024-57887
Published: 15 January 2025
Description
In the Linux kernel, the following vulnerability has been resolved: drm: adv7511: Fix use-after-free in adv7533_attach_dsi() The host_node pointer was assigned and freed in adv7533_parse_dt(), and later, adv7533_attach_dsi() uses the same. Fix this use-after-free issue by dropping of_node_put() in adv7533_parse_dt() and calling of_node_put() in error path of probe() and also in the remove().
Security Summary
CVE-2024-57887 is a use-after-free vulnerability (CWE-416) in the Linux kernel's DRM subsystem, specifically within the adv7511 driver. The issue arises because the host_node pointer is assigned and freed via of_node_put() in the adv7533_parse_dt() function, but the same pointer is later dereferenced in adv7533_attach_dsi(). This affects Linux kernel versions incorporating the vulnerable adv7511 driver code prior to the application of the referenced fixes.
A local attacker with low privileges (PR:L) can exploit this vulnerability with low attack complexity (AC:L) and no user interaction (UI:N), requiring only local access (AV:L) to the system. Successful exploitation grants high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), with an unchanged scope (S:U), potentially allowing arbitrary code execution in kernel context, data corruption, or system denial of service. The CVSS v3.1 base score is 7.8.
Mitigation requires updating to a patched Linux kernel version, as detailed in the stable branch commit references. The fixes drop the of_node_put() call from adv7533_parse_dt(), instead invoking it in the probe() function's error path and in the remove() function to prevent the use-after-free. Relevant patches are available at the provided kernel.org stable commit URLs.
Details
- CWE(s)