CVE-2024-58003
📋 TL;DR
A double-free vulnerability in Linux kernel media drivers for DS90UB913/DS90UB953 chips could cause memory corruption or system crashes when the driver is removed multiple times. This affects systems using these specific video serializer/deserializer chips with vulnerable kernel versions. The vulnerability requires local access to trigger.
💻 Affected Systems
- Linux kernel with ds90ub913/ds90ub953 driver support
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic or system crash leading to denial of service, or potential privilege escalation if memory corruption can be controlled.
Likely Case
System instability or crash when the affected driver module is repeatedly loaded/unloaded.
If Mitigated
Minimal impact with proper access controls preventing unauthorized module manipulation.
🎯 Exploit Status
Requires CAP_SYS_MODULE capability or root access to load/unload kernel modules. Exploitation depends on triggering driver removal multiple times.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel stable releases containing fixes: 474d7baf91d37bc411fa60de5bbf03c9dd82e18a, 60b45ece41c5632a3a3274115a401cb244180646, 70743d6a8b256225675711e7983825f1be86062d, f4e4373322f8d4c19721831f7fb989e52d30dab0
Vendor Advisory: https://git.kernel.org/stable/c/474d7baf91d37bc411fa60de5bbf03c9dd82e18a
Restart Required: No
Instructions:
1. Update Linux kernel to patched version from your distribution. 2. For custom kernels, apply the fix commit to your kernel source. 3. Recompile and install the updated kernel.
🔧 Temporary Workarounds
Restrict module loading
allPrevent unauthorized users from loading/unloading kernel modules
echo 1 > /proc/sys/kernel/modules_disabled
chmod 600 /lib/modules/$(uname -r)/modules.*
Blacklist affected driver
allPrevent loading of vulnerable driver if not needed
echo 'blacklist ds90ub913' >> /etc/modprobe.d/blacklist.conf
echo 'blacklist ds90ub953' >> /etc/modprobe.d/blacklist.conf
🧯 If You Can't Patch
- Restrict kernel module loading to root only using kernel.modules_disabled=1 boot parameter
- Remove or disable the affected driver module if not required for system functionality
🔍 How to Verify
Check if Vulnerable:
Check if ds90ub913 or ds90ub953 module is loaded: lsmod | grep -E 'ds90ub913|ds90ub953'Check Version:
uname -rVerify Fix Applied:
Check kernel version against patched releases or verify the fix commit is present in kernel source📡 Detection & Monitoring
Log Indicators:
- Kernel oops messages related to fwnode_handle_put
- System crashes when ds90ub9x3 modules are loaded/unloaded
- dmesg warnings about memory corruption
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("ds90ub913" OR "ds90ub953" OR "fwnode_handle_put")