CVE-2024-49992 in Linux

Summary

by MITRE • 10/21/2024

In the Linux kernel, the following vulnerability has been resolved:

drm/stm: Avoid use-after-free issues with crtc and plane

ltdc_load() calls functions drm_crtc_init_with_planes(), drm_universal_plane_init() and drm_encoder_init(). These functions should not be called with parameters allocated with devm_kzalloc() to avoid use-after-free issues [1].

Use allocations managed by the DRM framework.

Found by Linux Verification Center (linuxtesting.org).

[1] https://lore.kernel.org/lkml/u366i76e3qhh3ra5oxrtngjtm2u5lterkekcz6y2jkndhuxzli@diujon4h7qwb/


Analysis

by VulDB Data Team • 03/22/2026

CVE-2024-49992 is a use-after-free (CWE-416) in the Linux kernel's DRM subsystem, in the drm/stm driver for the LTDC (LCD-TFT display controller) found on STMicroelectronics platforms. The flaw sits in ltdc_load(), the driver's initialization routine, which creates the CRTC, planes and encoder and hands them to the DRM core through drm_crtc_init_with_planes(), drm_universal_plane_init() and drm_encoder_init(). The objects handed over were allocated with devm_kzalloc(), so their memory lifetime did not match the lifetime the DRM core assumes for them.

The root cause is a lifetime mismatch, not a race condition. devm_kzalloc() ties an allocation to the struct device: the devres layer frees it when the driver is unbound or the device is removed. A CRTC, plane or encoder registered with the DRM core, on the other hand, is linked into the drm_device's mode configuration and is expected to stay valid for as long as the drm_device exists. The drm_device is reference counted and outlives the driver binding whenever userspace still holds a file descriptor on the /dev/dri node. If the driver is unbound while that is the case, devres frees the CRTC, plane and encoder while the DRM core still references them; the next operation that reaches those objects, whether an ioctl from the client or the final teardown of the mode configuration when the last reference is dropped, dereferences freed memory.

In practice the trigger is unbinding the driver from the device (for example through sysfs or by removing the module) while a DRM client still has the node open, which is normally an administrative action rather than something an unprivileged local user can cause directly. The consequence at that point is kernel memory corruption: the observable effect is a crash, but as with any kernel use-after-free it cannot be assumed to stop at denial of service. This page records no known exploitation (KEV: no) and a low EPSS score. Affected systems are those running a kernel with the drm/stm driver built and bound, i.e. STMicroelectronics-based embedded devices driving a display through the LTDC. The bug was reported by the Linux Verification Center (linuxtesting.org).

The fix, merged in the mainline kernel, replaces the devm_kzalloc() allocations with allocations managed by the DRM framework (the drmm_* helpers from drm_managed.h), whose release is tied to the drm_device's last reference rather than to the driver binding, so the objects cannot be freed while the DRM core can still reach them. Remediation is to run a kernel that contains the patched drm/stm driver, either mainline or a stable or vendor kernel that backports the change; there is no configuration workaround short of not using the driver. Because the change touches driver initialization, display bring-up and unbind/rebind should be retested on affected hardware after updating.
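Added example, written for this page and not taken from the kernel or the drm/stm driver: a small userspace C model of the two lifetimes contrasted above and of why the fix works. devm_kzalloc(), drmm_kzalloc(), drm_dev_get(), drm_dev_put() and device_unbind() here are simplified stand-ins for the kernel functions of the same names, the allocation tracker stands in for KASAN, the model covers only the CRTC (the planes and encoder follow the same rule), and the unbind-while-open sequence is a constructed scenario. It shows that a devres-managed CRTC is dead after unbind while the drm_device still points at it, whereas a drmm-managed CRTC lives until the last drm_dev_put().

```c
/* Added illustration of the lifetime mismatch behind CVE-2024-49992. This is a
 * userspace model, not kernel or drm/stm code: devm_kzalloc(), drmm_kzalloc(),
 * drm_dev_get(), drm_dev_put() and device_unbind() are simplified stand-ins for
 * the kernel functions of the same names. */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Allocation tracker (stand-in for KASAN): a released object is marked dead
 * rather than returned to malloc, so a dangling pointer can be recognised
 * without touching the memory and no address is ever reused. */
#define MAX_TRACKED 32
static struct { void *ptr; bool live; } tracked[MAX_TRACKED];
static int ntracked;
static bool is_live(const void *p)
{
    for (int i = 0; i < ntracked; i++)
        if (tracked[i].ptr == p)
            return tracked[i].live;
    return false;
}

/* A list of managed allocations that are all released together. */
#define MAX_RES 8
struct reslist { void *ptr[MAX_RES]; int n; };

static void *reslist_zalloc(struct reslist *l, size_t size)
{
    void *p = calloc(1, size);
    if (!p || l->n >= MAX_RES || ntracked >= MAX_TRACKED)
        abort();
    tracked[ntracked].ptr = p;
    tracked[ntracked++].live = true;
    l->ptr[l->n++] = p;
    return p;
}

static void reslist_release(struct reslist *l)
{
    for (int i = 0; i < l->n; i++)
        for (int t = 0; t < ntracked; t++)
            if (tracked[t].ptr == l->ptr[i])
                tracked[t].live = false;
    l->n = 0;
}

/* struct device: its devres list is released when the driver is unbound.
 * struct drm_device: reference counted; its drmm list is released only when
 * the last reference (the driver's or an open file descriptor's) is dropped. */
struct device { struct reslist devres; };
struct drm_crtc { int id; };
struct drm_device {
    int refcount;
    struct reslist drmm;
    struct drm_crtc *crtc; /* what drm_crtc_init_with_planes() links into mode_config */
};

static void *devm_kzalloc(struct device *d, size_t n) { return reslist_zalloc(&d->devres, n); }
static void *drmm_kzalloc(struct drm_device *drm, size_t n) { return reslist_zalloc(&drm->drmm, n); }
static void device_unbind(struct device *d) { reslist_release(&d->devres); } /* devres_release_all() */
static void drm_dev_get(struct drm_device *drm) { drm->refcount++; }
static void drm_dev_put(struct drm_device *drm) /* runs drm_managed_release() at zero */
{
    if (--drm->refcount == 0)
        reslist_release(&drm->drmm);
}

struct lifetime_result { bool live_after_unbind; bool live_after_close; };
/* Constructed scenario: probe, a client opens the DRM node, the driver is
 * unbound while the node is still open, then the client closes it. */
struct lifetime_result run_unbind_scenario(bool use_drmm)
{
    struct lifetime_result r;
    struct device dev = {0};
    struct drm_device drm = { .refcount = 1 }; /* reference held by the driver */

    /* ltdc_load(): allocate the CRTC and register it with the drm_device */
    drm.crtc = use_drmm ? drmm_kzalloc(&drm, sizeof(*drm.crtc))
                        : devm_kzalloc(&dev, sizeof(*drm.crtc));
    drm.crtc->id = 1;

    drm_dev_get(&drm);   /* open("/dev/dri/card0") takes a drm_device reference */
    device_unbind(&dev); /* devres frees the devm allocation right here */
    drm_dev_put(&drm);   /* driver drops its reference; the fd keeps drm alive */
    r.live_after_unbind = is_live(drm.crtc); /* any ioctl or teardown touches this */

    drm_dev_put(&drm);   /* close(): last reference, drmm allocations go now */
    r.live_after_close = is_live(drm.crtc);
    return r;
}

int main(void)
{
    struct lifetime_result devm = run_unbind_scenario(false), drmm = run_unbind_scenario(true);
    printf("devm_kzalloc: crtc live after unbind=%d, after close=%d\n", devm.live_after_unbind, devm.live_after_close);
    printf("drmm_kzalloc: crtc live after unbind=%d, after close=%d\n", drmm.live_after_unbind, drmm.live_after_close);
    return 0;
}
```

The devm run reports the CRTC dead after unbind while the drm_device still holds its pointer, which is the window the CVE describes; the drmm run keeps it alive until the client's close() drops the last reference. In the real kernel the same ordering holds, which is why moving the allocation from devres to the DRM-managed list is the fix rather than any change to the unbind path.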

Responsible

Linux

Reservation

10/21/2024

Disclosure

10/21/2024

Moderation

accepted

CPE

ready

EPSS

0.00239

KEV

no

Activities

very low
