CVE-2024-57980 in Linux
Summary
by MITRE • 02/27/2025
In the Linux kernel, the following vulnerability has been resolved:
media: uvcvideo: Fix double free in error path
If the uvc_status_init() function fails to allocate the int_urb, it will free the dev->status pointer but doesn't reset the pointer to NULL. This results in the kfree() call in uvc_status_cleanup() trying to double-free the memory. Fix it by resetting the dev->status pointer to NULL after freeing it.
Reviewed by: Ricardo Ribalda
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Analysis
by VulDB Data Team • 05/24/2026
The vulnerability identified as CVE-2024-57980 resides within the Linux kernel's uvcvideo driver, which manages USB video class devices such as webcams and video capture hardware. This flaw represents a classic double free error that occurs during the error handling path of the video capture subsystem, specifically when the uvc_status_init() function encounters allocation failure for the int_urb structure. The uvcvideo driver operates under the media subsystem framework and is responsible for handling USB video devices that conform to the USB Video Class specification, making it a critical component for multimedia functionality across Linux systems. The vulnerability manifests when the driver attempts to initialize status monitoring structures for USB video devices, which is essential for proper device operation and error reporting.
The technical implementation of this vulnerability stems from improper pointer management within the error handling code path. When uvc_status_init() fails to allocate memory for the int_urb structure, the function correctly identifies the failure and proceeds to free the dev->status pointer through kfree(). However, the function fails to reset the dev->status pointer to NULL after the memory deallocation, leaving the pointer in an invalid state. This oversight creates a scenario where subsequent calls to uvc_status_cleanup() function, which is designed to properly clean up resources, will attempt to free the same memory location again. The double free condition occurs because the cleanup function does not perform null pointer checks before calling kfree(), resulting in undefined behavior and potential system instability. This type of memory management error falls under CWE-415, which specifically addresses double free conditions in software development.
The operational impact of CVE-2024-57980 extends beyond simple memory corruption, potentially enabling privilege escalation and system compromise through carefully crafted error conditions. When a USB video device is connected to a Linux system running an affected kernel version, the vulnerability can be triggered during the device initialization phase when the driver attempts to establish status monitoring for the device. Attackers could potentially exploit this condition by connecting malicious USB devices or by manipulating the device enumeration process to force the driver into the error path where the double free occurs. The consequences may include kernel memory corruption, system crashes, or in more sophisticated exploitation scenarios, arbitrary code execution with kernel privileges. This vulnerability affects all Linux systems that utilize the uvcvideo driver for USB video device management, including desktop systems, servers, and embedded devices with USB video capabilities.
Mitigation strategies for CVE-2024-57980 should focus on both immediate patch application and system hardening measures. The primary solution involves applying the kernel patch that resets the dev->status pointer to NULL after memory deallocation in the error handling path, which directly addresses the root cause of the double free condition. System administrators should prioritize updating to kernel versions that include the fix, typically those released after the vulnerability disclosure date. Additional defensive measures include implementing USB device whitelisting policies to restrict which devices can connect to systems, particularly in enterprise environments where USB device management is critical. The vulnerability demonstrates the importance of proper resource management in kernel drivers and aligns with ATT&CK technique T1068, which covers local privilege escalation through kernel vulnerabilities. Organizations should also consider monitoring for unusual system crashes or memory allocation patterns that might indicate exploitation attempts, as the double free condition may manifest as system instability or unexpected reboots during USB device enumeration processes.