cve/2024/CVE-2024-50061.md

### [CVE-2024-50061](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50061)
![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=5.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=blue)

### Description

In the Linux kernel, the following vulnerability has been resolved:i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race ConditionIn the cdns_i3c_master_probe function, &master->hj_work is bound withcdns_i3c_master_hj. And cdns_i3c_master_interrupt can callcnds_i3c_master_demux_ibis function to start the work.If we remove the module which will call cdns_i3c_master_remove tomake cleanup, it will free master->base through i3c_master_unregisterwhile the work mentioned above will be used. The sequence of operationsthat may lead to a UAF bug is as follows:CPU0                                      CPU1                                     | cdns_i3c_master_hjcdns_i3c_master_remove               |i3c_master_unregister(&master->base) |device_unregister(&master->dev)      |device_release                       |//free master->base                  |                                     | i3c_master_do_daa(&master->base)                                     | //use master->baseFix it by ensuring that the work is canceled before proceeding withthe cleanup in cdns_i3c_master_remove.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/bygregonline/devsec-fastapi-report
- https://github.com/fkie-cad/nvd-json-data-feeds
- https://github.com/runwhen-contrib/helm-charts
- https://github.com/w4zu/Debian_security
Update CVE sources 2025-09-29 16:08 2025-09-29 16:08:36 +00:00			`### [CVE-2024-50061](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50061)`
			`![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)`
Update CVE list 2025-09-29 21:09 2025-09-29 21:09:30 +02:00			`![](https://img.shields.io/static/v1?label=Version&message=&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0%20&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=5.0%20&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=blue)`
Update CVE sources 2025-09-29 16:08 2025-09-29 16:08:36 +00:00
			`### Description`

			In the Linux kernel, the following vulnerability has been resolved:i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race ConditionIn the cdns_i3c_master_probe function, &master->hj_work is bound withcdns_i3c_master_hj. And cdns_i3c_master_interrupt can callcnds_i3c_master_demux_ibis function to start the work.If we remove the module which will call cdns_i3c_master_remove tomake cleanup, it will free master->base through i3c_master_unregisterwhile the work mentioned above will be used. The sequence of operationsthat may lead to a UAF bug is as follows:CPU0 CPU1 \| cdns_i3c_master_hjcdns_i3c_master_remove \|i3c_master_unregister(&master->base) \|device_unregister(&master->dev) \|device_release \|//free master->base \| \| i3c_master_do_daa(&master->base) \| //use master->baseFix it by ensuring that the work is canceled before proceeding withthe cleanup in cdns_i3c_master_remove.

			`### POC`

			`#### Reference`
			`No PoCs from references.`

			`#### Github`
			`- https://github.com/bygregonline/devsec-fastapi-report`
Update CVE list 2025-09-29 21:09 2025-09-29 21:09:30 +02:00			`- https://github.com/fkie-cad/nvd-json-data-feeds`
			`- https://github.com/runwhen-contrib/helm-charts`
			`- https://github.com/w4zu/Debian_security`
Update CVE sources 2025-09-29 16:08 2025-09-29 16:08:36 +00:00