CVE-2024-39495: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

greybus: Fix use-after-free bug in gb_interface_release due to race condition.

In gb_interface_create, &intf->mode_switch_completion is bound with gb_interface_mode_switch_work. Then it will be started by gb_interface_request_mode_switch. Here is the relevant code.

    if (!queue_work(system_long_wq, &intf->mode_switch_work)) {
        ...
    }

If we call gb_interface_release to make cleanup, there may be an unfinished work. This function will call kfree to free the object "intf". However, if gb_interface_mode_switch_work is scheduled to run after kfree, it may cause use-after-free error as gb_interface_mode_switch_work will use the object "intf".

The possible execution flow that may lead to the issue is as follows:

    CPU0                        CPU1

                             |  gb_interface_create
                             |  gb_interface_request_mode_switch
    gb_interface_release     |
    kfree(intf) (free)       |
                             |  gb_interface_mode_switch_work
                             |  mutex_lock(&intf->mutex) (use)

Fix it by canceling the work before kfree.
AI Analysis
Technical Summary
CVE-2024-39495 is a high-severity use-after-free vulnerability found in the Linux kernel's Greybus subsystem, specifically within the handling of the gb_interface object. Greybus is a protocol designed for modular hardware components, and the vulnerability arises due to a race condition between the scheduling and execution of work items related to mode switching and the release (cleanup) of the interface object.

The issue occurs because the function gb_interface_release frees the memory of the interface object (intf) via kfree without ensuring that any pending work items (gb_interface_mode_switch_work) that access this object have completed. If the work item executes after the object has been freed, it results in a use-after-free condition (CWE-416), which can lead to memory corruption, crashes, or potentially arbitrary code execution. The vulnerability is triggered by concurrent execution flows on different CPUs where one CPU initiates the mode switch work while another CPU frees the interface object. The fix involves canceling or ensuring completion of the scheduled work before freeing the object to prevent access to freed memory.

The CVSS 3.1 score of 7.8 reflects the vulnerability's high impact on confidentiality, integrity, and availability, requiring low privileges and no user interaction, but local access to the system. There are no known exploits in the wild at the time of publication, but the vulnerability affects multiple Linux kernel versions identified by specific commit hashes.
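The interleaving described above, replayed in a single-threaded userspace C model (an added example, not kernel code and not the upstream patch). All struct and function names are hypothetical stand-ins, and the object is flagged as released instead of being freed so that the late access can be counted.

```c
/* Userspace model of the race (constructed); names are hypothetical. */
#include <stdbool.h>
#include <stddef.h>

struct work { bool pending; void (*fn)(struct work *); };
struct intf_model {
    struct work mode_switch_work;
    bool released;   /* stands in for kfree(intf); memory stays valid here */
    int stale_uses;  /* handler runs that touched a released object */
};

/* Stand-in for gb_interface_mode_switch_work(): it dereferences intf. */
static void mode_switch_fn(struct work *w)
{
    struct intf_model *intf = (struct intf_model *)
        ((char *)w - offsetof(struct intf_model, mode_switch_work));
    if (intf->released)
        intf->stale_uses++;  /* kernel: mutex_lock(&intf->mutex) on freed memory */
}

/* queue_work() analogue: false if the item was already pending. */
static bool model_queue_work(struct work *w)
{
    if (w->pending) return false;
    w->pending = true;
    return true;
}

/* Worker analogue: CPU1 picks up the queued item at some later time. */
static void model_run_worker(struct work *w)
{
    if (w->pending) { w->pending = false; w->fn(w); }
}

/* Cancel analogue; models only the pending-but-not-yet-started case. */
static void model_cancel_work(struct work *w) { w->pending = false; }

/* Replays the interleaving above; returns the count of stale accesses. */
int replay(bool patched)
{
    struct intf_model i = { { false, mode_switch_fn }, false, 0 };
    model_queue_work(&i.mode_switch_work);               /* request_mode_switch */
    if (patched) model_cancel_work(&i.mode_switch_work); /* cancel before free */
    i.released = true;                         /* gb_interface_release: "kfree" */
    model_run_worker(&i.mode_switch_work);     /* work fires after the release */
    return i.stale_uses;
}
int main(void) { return !(replay(false) == 1 && replay(true) == 0); }
```

In the kernel, the cancel step must also wait for a handler that has already started, which this model does not cover.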
Potential Impact
For European organizations, this vulnerability poses a significant risk, especially for those relying on Linux-based systems in critical infrastructure, industrial control systems, embedded devices, or modular hardware environments where Greybus is used. Exploitation could allow an attacker with local access and low privileges to execute arbitrary code with kernel-level permissions, leading to full system compromise. This could result in data breaches, disruption of services, or sabotage of operational technology. Given the widespread use of Linux in servers, cloud environments, and embedded systems across Europe, the vulnerability could impact sectors such as telecommunications, manufacturing, healthcare, and government services. The high severity and potential for privilege escalation make timely patching essential to prevent attackers from leveraging this flaw to gain persistent and powerful footholds within networks.
Mitigation Recommendations
European organizations should prioritize updating their Linux kernels to versions where this vulnerability is patched. Since the fix involves canceling scheduled work before freeing objects, applying the official kernel patches or upgrading to the latest stable kernel releases is critical. For environments where immediate patching is not feasible, organizations should restrict local access to trusted users only and monitor for unusual kernel activity or crashes that might indicate exploitation attempts. Additionally, kernel hardening features such as Kernel Address Space Layout Randomization (KASLR), Control Flow Integrity (CFI), and kernel lockdown modes can reduce exploitation risk. System administrators should audit Greybus usage and consider disabling it if not required. Finally, integrating this vulnerability into vulnerability management and incident response workflows will help ensure rapid detection and remediation.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain, Poland, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-06-25T14:23:23.751Z
- Cisa Enriched: true
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 682d9829c4522896dcbe2d6b
Added to database: 5/21/2025, 9:08:57 AM
Last enriched: 7/3/2025, 1:10:46 AM
Last updated: 8/11/2025, 8:07:22 AM