{"uuid": "0f675908-2775-424f-8168-0ba56ab4901b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-50061", "type": "seen", "source": "https://t.me/cvedetector/8549", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50061 - Linux i3c: Master: cdns: Use After Free Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-50061 \nPublished : Oct. 21, 2024, 8:15 p.m. | 16\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \ni3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition  \n  \nIn the cdns_i3c_master_probe function, &master->hj_work is bound with  \ncdns_i3c_master_hj. And cdns_i3c_master_interrupt can call  \ncnds_i3c_master_demux_ibis function to start the work.  \n  \nIf we remove the module which will call cdns_i3c_master_remove to  \nmake cleanup, it will free master->base through i3c_master_unregister  \nwhile the work mentioned above will be used. The sequence of operations  \nthat may lead to a UAF bug is as follows:  \n  \nCPU0                                      CPU1  \n  \n                                     | cdns_i3c_master_hj  \ncdns_i3c_master_remove               |  \ni3c_master_unregister(&master->base) |  \ndevice_unregister(&master->dev)      |  \ndevice_release                       |  \n//free master->base                  |  \n                                     | i3c_master_do_daa(&master->base)  \n                                     | //use master->base  \n  \nFix it by ensuring that the work is canceled before proceeding with  \nthe cleanup in cdns_i3c_master_remove. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-21T22:42:56.000000Z"}