CVE-2024-56576
📋 TL;DR
A race condition vulnerability in the Linux kernel's tc358743 media driver causes a use-after-free crash when device probe fails while using polling mode. This affects Linux systems using the tc358743 I2C video decoder driver. The vulnerability can lead to kernel crashes and potential denial of service.
💻 Affected Systems
- Linux kernel with tc358743 driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially requiring physical access to reboot affected systems.
Likely Case
System instability or crash when tc358743 device initialization fails, requiring reboot to recover.
If Mitigated
Minor system disruption requiring manual intervention to restart affected services.
🎯 Exploit Status
Exploitation requires specific hardware configuration and triggering device probe failure. More likely to be triggered accidentally than maliciously.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patched in Linux kernel stable releases via commits referenced in CVE
Vendor Advisory: https://git.kernel.org/stable/c/13193a97ddd5a6a5b11408ddbc1ae85588b1860c
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing fix commits
2. Rebuild kernel if compiling from source
3. Reboot system to load patched kernel
🔧 Temporary Workarounds
Disable tc358743 driver
Prevent loading of vulnerable driver module
echo 'blacklist tc358743' >> /etc/modprobe.d/blacklist.conf
rmmod tc358743
Avoid polling mode
Configure driver to use interrupt mode instead of polling
modprobe tc358743 use_polling=0
🧯 If You Can't Patch
- Ensure tc358743 hardware is not present or connected to vulnerable systems
- Implement monitoring for kernel crashes and have recovery procedures ready
🔍 How to Verify
Check if Vulnerable:
Check if tc358743 module is loaded: lsmod | grep tc358743
Check Version:
uname -r
Verify Fix Applied:
Check kernel version contains fix commits or verify tc358743 driver version
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- WARNING: CPU: 3 PID: 0 at kernel/time/timer.c:1830
- tc358743 probe failure logs
Network Indicators:
- None - local kernel issue
SIEM Query:
source="kernel" AND ("tc358743" OR "timer.c:1830" OR "__run_timers")
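Added example (not part of the advisory or of any vendor tooling): the SIEM query above matches any one indicator on its own, so this sketch correlates them instead, flagging a timer warning only when it appears near a tc358743 line in the same kernel log. The 200-line window, the verdict names and the sample log lines are assumptions made for the demonstration; the pattern accepts any CPU, PID and timer.c line number because those differ between kernel builds.

```shell
#!/bin/sh
# Added example: correlate the page's log indicators in kernel log text.
# Reads kernel log lines on stdin and prints one verdict:
#   correlated  - a tc358743 line and a timer warning within $1 lines
#   driver-only / timer-only / clean otherwise
classify_klog() {
    window="${1:-200}"   # assumed correlation window, in log lines
    awk -v w="$window" '
        /tc358743/ {
            d = NR; seen_d = 1
            if (seen_t && NR - t <= w) hit = 1
        }
        # Any CPU, PID and source line number: these differ per build.
        /WARNING: CPU: [0-9]+ PID: [0-9]+ at kernel\/time\/timer\.c:[0-9]+/ || /__run_timers/ {
            t = NR; seen_t = 1
            if (seen_d && NR - d <= w) hit = 1
        }
        END {
            if (hit)         print "correlated"
            else if (seen_d) print "driver-only"
            else if (seen_t) print "timer-only"
            else             print "clean"
        }'
}

# Constructed sample log: only the WARNING prefix and the __run_timers
# symbol come from the page; the other text is made up for the demo.
sample_klog() {
    cat <<'EOF'
[    4.101000] tc358743 2-000f: probe failed (constructed line)
[    4.102000] usb 1-1: new high-speed USB device (constructed line)
[    6.230000] WARNING: CPU: 3 PID: 0 at kernel/time/timer.c:1830 __run_timers
EOF
}

sample_klog | classify_klog    # prints: correlated
```

On a live host the same function can be fed from `dmesg` or `journalctl -k`; a "timer-only" verdict points at some other timer user rather than this driver.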
🔗 References
- https://git.kernel.org/stable/c/13193a97ddd5a6a5b11408ddbc1ae85588b1860c
- https://git.kernel.org/stable/c/1def915b1564f4375330bd113ea1d768a569cfd8
- https://git.kernel.org/stable/c/34a3466a92f50c51d984f0ec2e96864886d460eb
- https://git.kernel.org/stable/c/5c9ab34c87af718bdbf9faa2b1a6ba41d15380ea
- https://git.kernel.org/stable/c/815d14147068347e88c258233eb951b41b2792a6
- https://git.kernel.org/stable/c/869f38ae07f7df829da4951c3d1f7a2be09c2e9a
- https://git.kernel.org/stable/c/b59ab89bc83f7bff67f78c6caf484a84a6dd30f7
- https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html