CVE-2024-50061
📋 TL;DR
A use-after-free vulnerability in the Linux kernel's Cadence I3C master driver allows local attackers to potentially crash the system or execute arbitrary code. This affects Linux systems using the cdns_i3c_master driver, typically on embedded devices with I3C hardware. The vulnerability occurs due to a race condition during module removal.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Local privilege escalation to kernel-level code execution, leading to complete system compromise.
Likely Case
Kernel panic or system crash causing denial of service.
If Mitigated
Limited impact if driver not loaded or system not using I3C hardware.
🎯 Exploit Status
Exploitation requires precise timing to trigger the race condition between module removal and work queue execution.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patched in stable kernel versions via commits: 2a21bad9964c91b34d65ba269914233720c0b1ce, 609366e7a06d035990df78f1562291c3bf0d4a12, 687016d6a1efbfacdd2af913e2108de6b75a28d5, ea0256e393e0072e8c80fd941547807f0c28108b
Vendor Advisory: https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution.
2. For Debian systems: apt update && apt upgrade linux-image-*.
3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Unload vulnerable driver
Prevent exploitation by unloading the cdns_i3c_master module if not needed
sudo rmmod cdns_i3c_master
Blacklist driver module
Prevent driver from loading at boot
echo 'blacklist cdns_i3c_master' | sudo tee /etc/modprobe.d/blacklist-cdns-i3c.conf
sudo update-initramfs -u
🧯 If You Can't Patch
- Restrict local user access to systems with vulnerable driver loaded
- Monitor for kernel crashes or unusual system behavior
🔍 How to Verify
Check if Vulnerable:
Check if cdns_i3c_master module is loaded: lsmod | grep cdns_i3c_master
Check Version:
uname -r
Verify Fix Applied:
Check kernel version against patched releases from your distribution vendor
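An exposure check that extends the lsmod test and the workarounds above (an added example, not part of the original advisory): it also reports a driver compiled into the kernel, which lsmod does not list, and tells a plain blacklist entry apart from an install override. The module name is the one given on this page; the function names and output tokens are assumptions of the example. Set MODULE if your kernel builds the driver under a different name.

```sh
#!/bin/sh
# Added example: exposure check for the driver named on this page.
# File locations are parameters so the logic can be run on constructed input.
MODULE="${MODULE:-cdns_i3c_master}"   # module name as given on this page (assumption)

norm() { printf '%s' "$1" | tr - _; }   # modprobe treats - and _ as equal

# 0 if the module is listed in a /proc/modules-format file.
module_loaded() {   # $1 module, $2 modules file
    [ -r "$2" ] || return 1
    awk -v m="$(norm "$1")" '$1 == m { f = 1 } END { exit !f }' "$2"
}

# 0 if the driver is compiled into the kernel: lsmod does not list it and
# rmmod or a blacklist entry cannot remove it.
module_builtin() {  # $1 module, $2 modules.builtin file
    [ -r "$2" ] || return 1
    sed 's|.*/||; s|\.ko$||; y/-/_/' "$2" | grep -qxF "$(norm "$1")"
}

# Prints install-blocked, blacklisted or none for a modprobe.d directory.
modprobe_policy() { # $1 module, $2 directory
    m=$(norm "$1")
    set -- "$2"/*.conf
    [ -e "$1" ] || { echo none; return 0; }
    awk -v m="$m" '
        /^[[:space:]]*#/ { next }
        { name = $2; gsub(/-/, "_", name) }
        $1 == "install" && name == m && $3 ~ /(^|\/)(false|true)$/ { hard = 1 }
        $1 == "blacklist" && name == m { soft = 1 }
        END { print (hard ? "install-blocked" : (soft ? "blacklisted" : "none")) }
    ' "$@"
}

exposure() { # $1 module, $2 modules file, $3 modules.builtin, $4 modprobe.d
    if module_builtin "$1" "$3"; then echo BUILTIN        # only a patched kernel helps
    elif module_loaded "$1" "$2"; then echo LOADED        # driver code is live
    else
        case "$(modprobe_policy "$1" "$4")" in
            install-blocked) echo BLOCKED ;;               # explicit modprobe fails too
            blacklisted)     echo AUTOLOAD_BLOCKED_ONLY ;; # explicit modprobe still loads it
            *)               echo LOADABLE ;;
        esac
    fi
}

exposure "$MODULE" /proc/modules "/lib/modules/$(uname -r)/modules.builtin" /etc/modprobe.d
```

AUTOLOAD_BLOCKED_ONLY means the blacklist workaround is in place but a privileged user can still load the module by name; BUILTIN means neither workaround applies.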
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- System crashes during module operations
- dmesg errors related to cdns_i3c_master or use-after-free
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("cdns_i3c_master" OR "use-after-free" OR "general protection fault")
🔗 References
- https://git.kernel.org/stable/c/2a21bad9964c91b34d65ba269914233720c0b1ce
- https://git.kernel.org/stable/c/609366e7a06d035990df78f1562291c3bf0d4a12
- https://git.kernel.org/stable/c/687016d6a1efbfacdd2af913e2108de6b75a28d5
- https://git.kernel.org/stable/c/ea0256e393e0072e8c80fd941547807f0c28108b
- https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html