CVE-2024-58054
📋 TL;DR
A use-after-free vulnerability in the Linux kernel's max96712 media driver causes a kernel oops (crash) when removing the module. This affects systems using the max96712 driver for video processing hardware. The vulnerability allows local attackers with module removal privileges to crash the kernel.
💻 Affected Systems
- Linux kernel with max96712 staging driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially requiring physical reboot.
Likely Case
System crash when removing the max96712 module, causing temporary denial of service until reboot.
If Mitigated
No impact if module removal is restricted or patched kernel is used.
🎯 Exploit Status
Requires local access and CAP_SYS_MODULE capability to remove kernel modules.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patched in kernel commits referenced in CVE
Vendor Advisory: https://git.kernel.org/stable/c/1556b9149b81cc549c13f5e56e81e89404d8a666
Restart Required: No
Instructions:
1. Update Linux kernel to version containing fix commits. 2. Rebuild kernel if using custom kernel. 3. Load updated max96712 module.
🔧 Temporary Workarounds
Restrict module removal
LinuxPrevent unauthorized users from removing kernel modules
echo 'kernel.modules_disabled=1' >> /etc/sysctl.conf
sysctl -p
Blacklist max96712 module
LinuxPrevent loading of vulnerable module
echo 'blacklist max96712' >> /etc/modprobe.d/blacklist.conf
🧯 If You Can't Patch
- Restrict module loading/unloading to privileged users only
- Monitor for unauthorized module removal attempts
🔍 How to Verify
Check if Vulnerable:
Check if max96712 module is loaded: lsmod | grep max96712Check Version:
uname -rVerify Fix Applied:
Attempt to remove module after patch: rmmod max96712 (should not crash)📡 Detection & Monitoring
Log Indicators:
- Kernel oops messages in dmesg
- System crash/reboot logs
- Failed module removal attempts
Network Indicators:
- None - local vulnerability only
SIEM Query:
search 'kernel: Oops:' OR 'kernel: BUG:' OR 'kernel: Unable to handle kernel'🔗 References
- https://git.kernel.org/stable/c/1556b9149b81cc549c13f5e56e81e89404d8a666
- https://git.kernel.org/stable/c/278a98f6d8a7bbe1110433b057333536e4490edf
- https://git.kernel.org/stable/c/3311c5395e7322298b659b8addc704b39fb3a59c
- https://git.kernel.org/stable/c/dfde3d63afbaae664c4d36e53cfb4045d5374561
- https://git.kernel.org/stable/c/ee1b5046d5cd892a0754ab982aeaaad3702083a5
- https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html
