CVE-2024-58056 in Linux
Summary
by MITRE • 03/06/2025
In the Linux kernel, the following vulnerability has been resolved:
remoteproc: core: Fix ida_free call while not allocated
In the rproc_alloc() function, on error, put_device(&rproc->dev) is called, leading to the call of the rproc_type_release() function. An error can occurs before ida_alloc is called.
In such case in rproc_type_release(), the condition (rproc->index >= 0) is true as rproc->index has been initialized to 0. ida_free() is called reporting a warning: [ 4.181906] WARNING: CPU: 1 PID: 24 at lib/idr.c:525 ida_free+0x100/0x164
[ 4.186378] stm32-display-dsi 5a000000.dsi: Fixed dependency cycle(s) with /soc/dsi@5a000000/panel@0
[ 4.188854] ida_free called for id=0 which is not allocated.
[ 4.198256] mipi-dsi 5a000000.dsi.0: Fixed dependency cycle(s) with /soc/dsi@5a000000
[ 4.203556] Modules linked in: panel_orisetech_otm8009a dw_mipi_dsi_stm(+) gpu_sched dw_mipi_dsi stm32_rproc stm32_crc32 stm32_ipcc(+) optee(+)
[ 4.224307] CPU: 1 UID: 0 PID: 24 Comm: kworker/u10:0 Not tainted 6.12.0 #442
[ 4.231481] Hardware name: STM32 (Device Tree Support)
[ 4.236627] Workqueue: events_unbound deferred_probe_work_func
[ 4.242504] Call trace:
[ 4.242522] unwind_backtrace from show_stack+0x10/0x14
[ 4.250218] show_stack from dump_stack_lvl+0x50/0x64
[ 4.255274] dump_stack_lvl from __warn+0x80/0x12c
[ 4.260134] __warn from warn_slowpath_fmt+0x114/0x188
[ 4.265199] warn_slowpath_fmt from ida_free+0x100/0x164
[ 4.270565] ida_free from rproc_type_release+0x38/0x60
[ 4.275832] rproc_type_release from device_release+0x30/0xa0
[ 4.281601] device_release from kobject_put+0xc4/0x294
[ 4.286762] kobject_put from rproc_alloc.part.0+0x208/0x28c
[ 4.292430] rproc_alloc.part.0 from devm_rproc_alloc+0x80/0xc4
[ 4.298393] devm_rproc_alloc from stm32_rproc_probe+0xd0/0x844 [stm32_rproc]
[ 4.305575] stm32_rproc_probe [stm32_rproc] from platform_probe+0x5c/0xbc
Calling ida_alloc earlier in rproc_alloc ensures that the rproc->index is properly set.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 01/21/2026
The vulnerability CVE-2024-58056 affects the Linux kernel's remote processor subsystem, specifically within the remoteproc core functionality. This issue stems from improper handling of resource allocation and deallocation sequences during the initialization process of remote processors. The problem manifests when the rproc_alloc() function encounters an error condition before successfully completing the ida_alloc() call, which is responsible for allocating unique identifiers for remote processor instances. The kernel's device management subsystem calls put_device() on the remote processor device structure, which triggers the rproc_type_release() function to clean up resources. However, due to the error condition occurring prior to ida_alloc(), the rproc->index field remains initialized to zero, creating a scenario where ida_free() is invoked on an unallocated identifier, leading to kernel warnings and potential instability.
The technical flaw resides in the conditional logic and resource management flow within the remoteproc subsystem. When an error occurs during rproc_alloc() execution, the system attempts to clean up by calling put_device(), which eventually leads to rproc_type_release() being executed. The function checks if rproc->index >= 0, which evaluates to true since the index is initialized to zero, causing ida_free() to be called on what it considers an allocated ID. However, this ID was never actually allocated due to the early error condition, violating the fundamental principle of resource management where deallocation operations should only occur on previously allocated resources. This pattern directly relates to CWE-459, which describes incomplete cleanup vulnerabilities, and represents a classic example of improper resource management in kernel space code.
The operational impact of this vulnerability extends beyond simple warning messages, as it can potentially disrupt the stable operation of remote processor subsystems in embedded systems. The warning message indicates that the kernel detected an attempt to free an ID that was never allocated, which could lead to memory corruption or inconsistent state management in systems relying on remoteproc functionality. This is particularly concerning for automotive, industrial, and embedded systems where remote processors handle critical tasks such as display controllers, communication modules, and sensor processing units. The vulnerability affects systems using the stm32_rproc driver, which is commonly found in STM32 microprocessor-based platforms, making it relevant to a wide range of embedded devices. The error sequence shows this issue occurring during device probe operations, potentially causing boot delays or device initialization failures that could impact system availability.
The recommended mitigation involves ensuring that ida_alloc() is called before any error handling paths that might lead to rproc_type_release(), thereby guaranteeing that rproc->index is properly set to a valid allocated value. This fix aligns with ATT&CK technique T1547.001, which involves modifying system boot processes or initialization sequences to ensure proper resource state management. The solution requires modifying the rproc_alloc() function to move the ida_alloc() call before the error handling logic, ensuring that the index field is properly initialized before any cleanup operations can be triggered. This approach prevents the scenario where an unallocated resource identifier is passed to ida_free(), maintaining the integrity of the kernel's resource management subsystem and preventing potential denial-of-service conditions or memory corruption issues that could affect the stability of embedded systems relying on remote processor functionality.