CVE-2024-53068: Vulnerability in the Linux kernel
In the Linux kernel, the following vulnerability has been resolved:

firmware: arm_scmi: Fix slab-use-after-free in scmi_bus_notifier()

The scmi_dev->name is released prematurely in __scmi_device_destroy(), which causes slab-use-after-free when accessing scmi_dev->name in scmi_bus_notifier(). So move the release of scmi_dev->name to scmi_device_release() to avoid slab-use-after-free.

| BUG: KASAN: slab-use-after-free in strncmp+0xe4/0xec
| Read of size 1 at addr ffffff80a482bcc0 by task swapper/0/1
|
| CPU: 1 PID: 1 Comm: swapper/0 Not tainted 6.6.38-debug #1
| Hardware name: Qualcomm Technologies, Inc. SA8775P Ride (DT)
| Call trace:
|  dump_backtrace+0x94/0x114
|  show_stack+0x18/0x24
|  dump_stack_lvl+0x48/0x60
|  print_report+0xf4/0x5b0
|  kasan_report+0xa4/0xec
|  __asan_report_load1_noabort+0x20/0x2c
|  strncmp+0xe4/0xec
|  scmi_bus_notifier+0x5c/0x54c
|  notifier_call_chain+0xb4/0x31c
|  blocking_notifier_call_chain+0x68/0x9c
|  bus_notify+0x54/0x78
|  device_del+0x1bc/0x840
|  device_unregister+0x20/0xb4
|  __scmi_device_destroy+0xac/0x280
|  scmi_device_destroy+0x94/0xd0
|  scmi_chan_setup+0x524/0x750
|  scmi_probe+0x7fc/0x1508
|  platform_probe+0xc4/0x19c
|  really_probe+0x32c/0x99c
|  __driver_probe_device+0x15c/0x3c4
|  driver_probe_device+0x5c/0x170
|  __driver_attach+0x1c8/0x440
|  bus_for_each_dev+0xf4/0x178
|  driver_attach+0x3c/0x58
|  bus_add_driver+0x234/0x4d4
|  driver_register+0xf4/0x3c0
|  __platform_driver_register+0x60/0x88
|  scmi_driver_init+0xb0/0x104
|  do_one_initcall+0xb4/0x664
|  kernel_init_freeable+0x3c8/0x894
|  kernel_init+0x24/0x1e8
|  ret_from_fork+0x10/0x20
|
| Allocated by task 1:
|  kasan_save_stack+0x2c/0x54
|  kasan_set_track+0x2c/0x40
|  kasan_save_alloc_info+0x24/0x34
|  __kasan_kmalloc+0xa0/0xb8
|  __kmalloc_node_track_caller+0x6c/0x104
|  kstrdup+0x48/0x84
|  kstrdup_const+0x34/0x40
|  __scmi_device_create.part.0+0x8c/0x408
|  scmi_device_create+0x104/0x370
|  scmi_chan_setup+0x2a0/0x750
|  scmi_probe+0x7fc/0x1508
|  platform_probe+0xc4/0x19c
|  really_probe+0x32c/0x99c
|  __driver_probe_device+0x15c/0x3c4
|  driver_probe_device+0x5c/0x170
|  __driver_attach+0x1c8/0x440
|  bus_for_each_dev+0xf4/0x178
|  driver_attach+0x3c/0x58
|  bus_add_driver+0x234/0x4d4
|  driver_register+0xf4/0x3c0
|  __platform_driver_register+0x60/0x88
|  scmi_driver_init+0xb0/0x104
|  do_one_initcall+0xb4/0x664
|  kernel_init_freeable+0x3c8/0x894
|  kernel_init+0x24/0x1e8
|  ret_from_fork+0x10/0x20
|
| Freed by task 1:
|  kasan_save_stack+0x2c/0x54
|  kasan_set_track+0x2c/0x40
|  kasan_save_free_info+0x38/0x5c
|  __kasan_slab_free+0xe8/0x164
|  __kmem_cache_free+0x11c/0x230
|  kfree+0x70/0x130
|  kfree_const+0x20/0x40
|  __scmi_device_destroy+0x70/0x280
|  scmi_device_destroy+0x94/0xd0
|  scmi_chan_setup+0x524/0x750
|  scmi_probe+0x7fc/0x1508
|  platform_probe+0xc4/0x19c
|  really_probe+0x32c/0x99c
|  __driver_probe_device+0x15c/0x3c4
|  driver_probe_device+0x5c/0x170
|  __driver_attach+0x1c8/0x440
|  bus_for_each_dev+0xf4/0x178
|  driver_attach+0x3c/0x58
|  bus_add_driver+0x234/0x4d4
|  driver_register+0xf4/0x3c0
|  __platform_driver_register+0x60/0x88
|  scmi_driver_init+0xb0/0x104
|  do_one_initcall+0xb4/0x664
|  kernel_init_freeable+0x3c8/0x894
|  kernel_init+0x24/0x1e8
|  ret_from_fork+0x10/0x20
AI Analysis
Technical Summary
CVE-2024-53068 is a use-after-free in the Linux kernel's ARM SCMI (System Control and Management Interface) firmware driver. __scmi_device_destroy() freed scmi_dev->name with kfree_const() (the string was allocated with kstrdup_const() in __scmi_device_create(), as the "Allocated by" stack shows) and only then called device_unregister(). device_del() runs the bus notifier chain, and scmi_bus_notifier() calls strncmp() on scmi_dev->name, so the notifier reads a string that has already been returned to the slab allocator. KASAN reported it as a 1-byte slab-use-after-free read inside strncmp(), with both the allocation and the free attributed to PID 1 (kernel_init) while scmi_probe() was running scmi_chan_setup(); the destroy was reached from an error branch of scmi_chan_setup() during driver probe at boot, not from a user-requested device removal. The fix moves the kfree_const() of scmi_dev->name into scmi_device_release(), the release callback that runs only after the device has been deleted and its last reference dropped, so the name outlives every notifier that can read it. The CVE record identifies the affected kernel range by git commit (ee7a9c9f67c59008b330deff2762bd8cf1407eec); the trace was captured on a Qualcomm SA8775P Ride board running a 6.6.38 debug kernel, but any ARM platform that builds the SCMI driver is affected until the fix is applied. The record carries a CVSS v3.1 base score of 7.8 (local attack vector, low complexity, low privileges, no user interaction, high confidentiality, integrity and availability impact), a scoring commonly applied to kernel memory-safety bugs as a class. Two caveats matter when prioritising: nothing on this page shows a way for an unprivileged local user to drive the destroy path on demand, and the observed primitive is a read of freed memory, not a write. No exploitation in the wild has been reported. On a production kernel without KASAN the practical consequence is a stale read that can make the notifier misjudge the device being torn down, or a crash if the freed slab object has already been reused; privilege escalation or code execution from this bug is speculative and is not demonstrated by the record.
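The ordering bug and the fix reduce to a small user-space model, given here as an added illustration; it is not the kernel's code and not part of the advisory. A device carries a heap-allocated name and a refcount with a release callback; device_unregister() first notifies the bus (where the notifier compares the name with strncmp()) and then drops the last reference. The old destroy path frees the name before device_unregister(); the fixed path frees it from the release callback. The notifier body, the device name and the quarantine allocator are assumptions made for the demonstration (the real scmi_bus_notifier() does more than one compare); freed blocks are parked instead of returned to malloc so the stale read is detected without relying on undefined behaviour.

```c
/* Added example, not kernel code: a user-space model of CVE-2024-53068.
 * The old __scmi_device_destroy() freed the device name, then called
 * device_unregister(); device_del() runs the bus notifier, which reads the
 * name with strncmp().  The fix frees the name in the refcount release
 * callback, which cannot run until device_del() has finished.  Freed blocks
 * go to a quarantine instead of back to malloc so the stale read is caught
 * deterministically (a stand-in for KASAN). */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define QUARANTINE_SLOTS 16
static void *quarantine[QUARANTINE_SLOTS];
static int nquarantined;
static int uaf_reads;            /* freed-memory reads seen, like KASAN reports */

/* Stand-in for kfree(): park the block instead of releasing it. */
static void q_free(void *p)
{
    if (p && nquarantined < QUARANTINE_SLOTS)
        quarantine[nquarantined++] = p;
}

/* Stand-in for the KASAN check: was this block freed earlier? */
static int q_is_freed(const void *p)
{
    for (int i = 0; i < nquarantined; i++)
        if (quarantine[i] == p)
            return 1;
    return 0;
}

static void q_drain(void) { while (nquarantined > 0) free(quarantine[--nquarantined]); }

struct scmi_device {             /* name plus the embedded device's refcount */
    char *name;
    int refcount;
    void (*release)(struct scmi_device *);
};

/* Model of scmi_bus_notifier(): assumed to filter transport devices by a
 * fixed name prefix; that compare is the strncmp() frame in the trace. */
static int scmi_bus_notifier(struct scmi_device *sdev)
{
    if (q_is_freed(sdev->name)) {
        uaf_reads++;
        return 0;
    }
    return strncmp(sdev->name, "__scmi_transport_device", 23) == 0;
}

/* Model of device_unregister(): notify the bus, then drop the last ref. */
static void device_unregister(struct scmi_device *sdev)
{
    scmi_bus_notifier(sdev);             /* BUS_NOTIFY_DEL_DEVICE */
    if (--sdev->refcount == 0)
        sdev->release(sdev);
}

/* Old scmi_device_release(): frees only the container. */
static void release_old(struct scmi_device *sdev) { q_free(sdev); }

/* Fixed scmi_device_release(): the name is freed here, after device_del(). */
static void release_fixed(struct scmi_device *sdev)
{
    q_free(sdev->name);
    q_free(sdev);
}

static struct scmi_device *scmi_device_create(const char *name, int fixed)
{
    struct scmi_device *sdev = calloc(1, sizeof(*sdev));
    sdev->name = strdup(name);           /* kstrdup_const() in the kernel */
    sdev->refcount = 1;
    sdev->release = fixed ? release_fixed : release_old;
    return sdev;
}

/* Destroy one device with the old (fixed == 0) or the fixed ordering and
 * return how many reads of freed memory the notifier performed. */
static int destroy_and_count_uaf(int fixed)
{
    struct scmi_device *sdev = scmi_device_create("scmi_dev-0", fixed);
    uaf_reads = 0;
    if (!fixed)
        q_free(sdev->name);              /* the premature kfree_const() */
    device_unregister(sdev);             /* notifier reads sdev->name */
    q_drain();
    return uaf_reads;
}

int main(void)
{
    printf("old ordering:   %d freed-memory read(s)\n", destroy_and_count_uaf(0));
    printf("fixed ordering: %d freed-memory read(s)\n", destroy_and_count_uaf(1));
    return 0;
}
```

Built with any C99 compiler (for example cc -std=c99 -Wall on the file), the old ordering reports one freed-memory read and the fixed ordering none. The point the model makes is structural: a kobject-style release callback is the only place where it is safe to free anything the device core may still touch during device_del(), because the callback is sequenced after the last notifier by the refcount rather than by the caller's discipline.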
Potential Impact
For European organizations, exposure to CVE-2024-53068 is confined to ARM-based Linux systems whose kernel includes the SCMI driver: embedded controllers, IoT gateways, telecom and automotive platforms, and Arm boards whose system control processor firmware exposes SCMI. The demonstrated effect is a read of freed slab memory inside a kernel notifier. On a production kernel without KASAN that is a silent stale read that can make the notifier misjudge the device being torn down, or a crash if the freed object has already been reused. Privilege escalation or code execution would require turning that read into a controlled write or an information leak, which nothing in the record demonstrates, so the bug is best treated as a stability and robustness issue while still carrying the generic local-privilege score. The destroy path in the trace is reached from an error branch of scmi_chan_setup() during driver probe at boot; an attacker would need a way to make SCMI devices be created and destroyed on demand, which the record does not describe. Critical-infrastructure operators (energy, telecom, manufacturing, automotive) running fleets of Arm devices are the most affected, because such devices are patched slowly and a kernel crash on a field unit is an outage. No exploitation in the wild has been reported, which leaves time to schedule the update through normal firmware maintenance rather than as an emergency.
Mitigation Recommendations
European organizations should deploy a kernel that carries the upstream fix, titled "firmware: arm_scmi: Fix slab-use-after-free in scmi_bus_notifier()", which moves the kfree_const() of scmi_dev->name into scmi_device_release(); check the distribution or BSP changelog for that title rather than inferring from version numbers alone. First establish whether a system is in scope: the driver is built only when CONFIG_ARM_SCMI_PROTOCOL is set (grep /boot/config-$(uname -r) or /proc/config.gz), and a running system that uses it has a populated /sys/bus/scmi_protocol/devices directory. x86 servers and ARM boards without SCMI firmware are not affected by this CVE and need no action for it. Until patched, restrict local and shell access on affected ARM systems to trusted users, and treat unexpected kernel oopses with strncmp, scmi_bus_notifier or device_del in the backtrace (and any "BUG: KASAN: slab-use-after-free" line in dmesg on KASAN-enabled builds) as signals to investigate. Running KASAN-enabled kernels during BSP validation and pre-production testing catches this class of premature free before it ships; the trace on this page is exactly what such a build reports. For embedded and IoT products, obtain the patched kernel from the board or SoC vendor, since those kernels are usually vendor-maintained rather than distribution-maintained. General hygiene still applies: keep a driver and firmware advisory watch, segment device networks so that a crashed or compromised unit cannot be used to reach others, and keep backups and an incident response runbook suited to embedded Linux so that a kernel crash on a field device is an ordinary recovery, not an outage.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-11-19T17:17:24.975Z
- CISA Enriched: true
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 682d9824c4522896dcbdf8c4
Added to database: 5/21/2025, 9:08:52 AM
Last enriched: 7/2/2025, 11:42:16 PM
Last updated: 8/19/2025, 7:32:38 PM
Related Threats
- CVE-2025-50503: n/a (severity: Unknown)
- CVE-2025-32010: CWE-121: Stack-based Buffer Overflow in Tenda AC6 V5.0 (severity: High)
- CVE-2025-31355: CWE-494: Download of Code Without Integrity Check in Tenda AC6 V5.0 (severity: High)
- CVE-2025-30256: CWE-772: Missing Release of Resource after Effective Lifetime in Tenda AC6 V5.0 (severity: High)
- CVE-2025-27129: CWE-288: Authentication Bypass Using an Alternate Path or Channel in Tenda AC6 V5.0 (severity: Critical)