CVE-2024-35932

7.8 HIGH

📋 TL;DR

This is a use-after-free vulnerability in the Linux kernel's VC4 DRM driver that can cause kernel memory corruption and potential system crashes. It affects systems using the VC4 graphics driver on Raspberry Pi devices and other ARM-based platforms. The vulnerability occurs during non-blocking display commits when checking frame buffer references.

💻 Affected Systems

Products:
  • Linux kernel with VC4 DRM driver
Versions: Linux kernel versions before the fix commits (specifically before 48bfb4b03c5ff6e1fa1dc73fb915e150b0968c40 and related commits)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Primarily affects Raspberry Pi devices and other ARM platforms using the VC4 graphics driver. Requires the VC4 DRM driver to be loaded and used.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash, potential privilege escalation if combined with other vulnerabilities, or system instability requiring reboot.

🟠

Likely Case

System crashes or kernel warnings when using graphics-intensive applications, particularly with non-blocking display commits on affected hardware.

🟢

If Mitigated

Minor performance impact or application crashes without system-wide effects if properly contained.

🌐 Internet-Facing: LOW - This is a local kernel vulnerability requiring local access or existing code execution.
🏢 Internal Only: MEDIUM - Could be exploited by malicious local users or through compromised applications to cause denial of service.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM - Requires understanding of kernel memory management and DRM subsystem.

Exploitation requires local access and ability to trigger the vulnerable code path through graphics operations.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel with commits 48bfb4b03c5ff6e1fa1dc73fb915e150b0968c40, 5343f724c912c77541029123f47ecd3d2ea63bdd, 5ee0d47dcf33efd8950b347dcf4d20bab12a3fa9, d6b2fe2db1d0927b2d7df5c763eba55d0e1def3c

Vendor Advisory: https://git.kernel.org/stable/c/48bfb4b03c5ff6e1fa1dc73fb915e150b0968c40

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits.
2. For Raspberry Pi OS: Run 'sudo apt update && sudo apt upgrade'.
3. For other distributions: Use your package manager to update kernel packages.
4. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable VC4 DRM driver

linux

Prevent loading of vulnerable VC4 driver module

echo 'blacklist vc4' | sudo tee /etc/modprobe.d/blacklist-vc4.conf
sudo update-initramfs -u
sudo reboot

Use software rendering

linux

Force software rendering instead of hardware acceleration

export LIBGL_ALWAYS_SOFTWARE=1

🧯 If You Can't Patch

  • Restrict local user access to systems with vulnerable kernels
  • Monitor system logs for kernel warnings related to refcount underflow or VC4 driver

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if VC4 driver is loaded: 'uname -r' and 'lsmod | grep vc4'

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is updated and check dmesg for absence of refcount underflow warnings related to VC4

📡 Detection & Monitoring

Log Indicators:

  • Kernel warnings with 'refcount_t: underflow; use-after-free'
  • VC4 driver related errors in dmesg
  • System crashes or instability during graphics operations

Network Indicators:

  • None - this is a local vulnerability

SIEM Query:

source="kernel" AND ("refcount_t: underflow" OR ("vc4" AND "use-after-free"))
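
The log indicators above can be checked on the host itself. The following is an added example, not part of the advisory or the kernel project: it reports a 'refcount_t: underflow; use-after-free' warning only when the trace that follows contains a vc4 frame. The function names scan_vc4_refcount and sample_log, the 40-line window and all sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the advisory. Log lines below are constructed.

# scan_vc4_refcount [window]
# Reads kernel log text on stdin. For every "refcount_t: underflow;
# use-after-free" warning, looks at the following trace lines (at most
# `window`, default 40, stopping at the "end trace" marker) and reports
# the warning only if a frame belongs to vc4 ("[vc4]" module tag or a
# vc4_ symbol). Exit status: 0 if at least one hit, 1 if none.
scan_vc4_refcount() {
    awk -v window="${1:-40}" '
        /refcount_t: underflow; use-after-free/ { warn = $0; left = window; next }
        left > 0 {
            left--
            if ($0 ~ /---\[ end trace/) { left = 0; next }
            if ($0 ~ /\[vc4\]/ || $0 ~ /vc4_/) {
                print "HIT: " warn
                print "     " $0
                hits++
                left = 0
            }
        }
        END { exit (hits > 0 ? 0 : 1) }
    '
}

# Constructed sample: one underflow in a hypothetical other module, one
# benign vc4 message, one underflow whose trace contains a vc4 frame.
sample_log() {
    cat <<'EOF'
[  101.000001] refcount_t: underflow; use-after-free.
[  101.000002] Call trace:
[  101.000003]  example_put+0x10/0x20 [example_mod]
[  101.000004] ---[ end trace 0000000000000000 ]---
[  102.000001] vc4-drm gpu: constructed benign message
[  203.000001] refcount_t: underflow; use-after-free.
[  203.000002] Call trace:
[  203.000003]  refcount_warn_saturate+0x98/0x140
[  203.000004]  vc4_example_cleanup+0x44/0x50 [vc4]
[  203.000005] ---[ end trace 0000000000000000 ]---
EOF
}

sample_log | scan_vc4_refcount
# On a live host: dmesg | scan_vc4_refcount   or   journalctl -k | scan_vc4_refcount
```

Requiring a vc4 frame in the trace keeps refcount underflows from unrelated drivers out of the alert, which the plain string match cannot do.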
