
CVE-2024-50061: Vulnerability in Linux Linux

High
Published: Mon Oct 21 2024 (10/21/2024, 19:39:50 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition

In the cdns_i3c_master_probe function, &master->hj_work is bound with cdns_i3c_master_hj. And cdns_i3c_master_interrupt can call cdns_i3c_master_demux_ibis function to start the work. If we remove the module which will call cdns_i3c_master_remove to make cleanup, it will free master->base through i3c_master_unregister while the work mentioned above will be used.

The sequence of operations that may lead to a UAF bug is as follows:

                 CPU0                           CPU1
                                            |   cdns_i3c_master_hj
  cdns_i3c_master_remove                    |
    i3c_master_unregister(&master->base)    |
      device_unregister(&master->dev)       |
        device_release                      |
          //free master->base               |
                                            |   i3c_master_do_daa(&master->base)
                                            |   //use master->base

Fix it by ensuring that the work is canceled before proceeding with the cleanup in cdns_i3c_master_remove.

AI-Powered Analysis

Last updated: 06/28/2025, 16:42:19 UTC

Technical Analysis

CVE-2024-50061 is a use-after-free (UAF) vulnerability identified in the Linux kernel's cdns_i3c_master driver, which manages the Cadence I3C master controller. The vulnerability arises due to a race condition between the asynchronous work queue handling and the module removal process. Specifically, the cdns_i3c_master_probe function binds a work struct (master->hj_work) to a handler (cdns_i3c_master_hj). Concurrently, the interrupt handler cdns_i3c_master_interrupt can trigger the work via cdns_i3c_master_demux_ibis. When the driver module is removed, the cdns_i3c_master_remove function initiates cleanup by unregistering the I3C master and releasing the device, which frees the master->base structure. However, if the asynchronous work is still pending or executing, it may attempt to access the now-freed master->base, leading to a use-after-free condition. This can cause kernel memory corruption, crashes (denial of service), or potentially allow an attacker to execute arbitrary code in kernel context if exploited. The fix involves ensuring that the asynchronous work is properly canceled before the cleanup proceeds, preventing any access to freed memory. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet.
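To make the race concrete, the following is an added single-threaded C model of the driver's probe, IRQ and remove paths; it is constructed for this page and is not the kernel's code. The work_struct, cancel_work_sync stand-in and the "freed" flag are assumptions that replace the real workqueue and kfree(), and the vulnerable remove() is shown beside the fixed one that cancels the work before the cleanup.

```c
#include <stdbool.h>
#include <stddef.h>

/* Constructed stand-ins for the kernel's work_struct and workqueue API (model only). */
struct work_struct { void (*func)(struct work_struct *); bool pending; };
static void cancel_work_sync(struct work_struct *w) { w->pending = false; }
static void run_worker(struct work_struct *w) {       /* what the kworker thread would do */
    if (!w->pending) return;
    w->pending = false;
    w->func(w);
}

struct i3c_master_base { bool freed; int daa_runs; };  /* 'freed' models device_release() */
struct cdns_i3c_master { struct i3c_master_base *base; struct work_struct hj_work; };

static int uaf_hits;   /* work runs that touched the already-released master->base */

/* cdns_i3c_master_hj(): hot-join handler, ends in i3c_master_do_daa(&master->base). */
static void cdns_i3c_master_hj(struct work_struct *w) {
    struct cdns_i3c_master *master =            /* container_of(w, ..., hj_work) */
        (struct cdns_i3c_master *)((char *)w - offsetof(struct cdns_i3c_master, hj_work));
    if (master->base->freed) { uaf_hits++; return; }   /* the UAF from the advisory */
    master->base->daa_runs++;
}

static void cdns_i3c_master_probe(struct cdns_i3c_master *m, struct i3c_master_base *b) {
    m->base = b;
    m->hj_work.func = cdns_i3c_master_hj;       /* INIT_WORK(&master->hj_work, ...) */
    m->hj_work.pending = false;
}

/* IRQ path: cdns_i3c_master_interrupt -> demux_ibis queues hj_work to run later. */
static void cdns_i3c_master_demux_ibis(struct cdns_i3c_master *m) { m->hj_work.pending = true; }

/* Vulnerable remove(): i3c_master_unregister() releases base while hj_work is still queued. */
static void cdns_i3c_master_remove_vulnerable(struct cdns_i3c_master *m) { m->base->freed = true; }

/* Fixed remove(): cancel the work first, so it can never run against the released base. */
static void cdns_i3c_master_remove_fixed(struct cdns_i3c_master *m) {
    cancel_work_sync(&m->hj_work);
    m->base->freed = true;
}

/* Replays the CPU0/CPU1 interleaving from the advisory; returns the number of UAF hits. */
int replay_race(bool fixed) {
    struct i3c_master_base base = { false, 0 };
    struct cdns_i3c_master master;
    uaf_hits = 0;
    cdns_i3c_master_probe(&master, &base);
    cdns_i3c_master_demux_ibis(&master);                  /* CPU0: IBI queues hj_work */
    if (fixed) cdns_i3c_master_remove_fixed(&master);     /* CPU1: module removal */
    else       cdns_i3c_master_remove_vulnerable(&master);
    run_worker(&master.hj_work);                          /* CPU0: kworker runs hj_work */
    return uaf_hits;                                      /* 1 when vulnerable, 0 when fixed */
}
```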

Potential Impact

For European organizations, this vulnerability poses a significant risk primarily to systems running Linux kernels with the affected cdns_i3c_master driver enabled. The I3C interface is used in embedded and IoT devices, as well as some industrial and telecommunications equipment. Exploitation could lead to system instability, crashes, or privilege escalation on affected devices, potentially disrupting critical infrastructure or services. Organizations relying on Linux-based embedded systems in sectors such as manufacturing, telecommunications, or critical infrastructure could face operational disruptions. Additionally, if exploited in multi-tenant environments or cloud infrastructure, it could allow attackers to escape container or VM isolation, threatening confidentiality and integrity of data. Although no exploits are known yet, the race condition nature of the bug means it could be triggered under specific timing conditions, making it a moderate to high risk for targeted attacks.

Mitigation Recommendations

1. Apply the official Linux kernel patches that address CVE-2024-50061 as soon as they become available, ensuring the asynchronous work is canceled before module removal.
2. For systems where immediate patching is not feasible, consider disabling or unloading the cdns_i3c_master driver if it is not required.
3. Implement strict access controls and monitoring on systems using the affected driver to detect unusual kernel crashes or suspicious activity indicative of exploitation attempts.
4. Employ kernel hardening techniques such as Kernel Address Space Layout Randomization (KASLR) and Control Flow Integrity (CFI) to reduce exploitation likelihood.
5. In environments using containerization or virtualization, ensure isolation boundaries are robust and monitor for kernel-level anomalies.
6. Maintain up-to-date inventories of devices using the affected driver to prioritize patch deployment and risk assessment.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-10-21T19:36:19.939Z
Cisa Enriched: true
Cvss Version: null
State: PUBLISHED

Threat ID: 682d9824c4522896dcbdfe1e

Added to database: 5/21/2025, 9:08:52 AM

Last enriched: 6/28/2025, 4:42:19 PM

Last updated: 8/7/2025, 6:18:00 PM
