CVE-2024-49925: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-49925 is a vulnerability discovered in the Linux kernel's framebuffer device (fbdev) subsystem, specifically in the EFI framebuffer driver. The vulnerability was disclosed on October 21, 2024, and affects Linux kernel versions up to 6.6.55, from 6.7 to 6.10.14, and from 6.11 to 6.11.3. The issue involves a Use-After-Free (UAF) race condition during unregistering where the sysctl attributes were usable after the info struct was freed (NVD).

The vulnerability is classified as a Use-After-Free (UAF) issue with a CVSS v3.1 Base Score of 5.5 (Medium) and vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. The technical issue occurs in the efifb driver's sysfs group handling, where there was a race condition during the unregistration process that could lead to accessing freed memory. The fix involves using the driver core's built-in functionality to register and cleanup sysfs groups, which helps simplify error handling and cleanup while preventing the UAF condition (NVD).

The vulnerability can lead to a denial of service condition through system crashes. The CVSS scoring indicates that while the vulnerability requires local access and low privileges to exploit, it can have a high impact on system availability without affecting confidentiality or integrity (NVD).

The vulnerability has been patched in various Linux kernel versions. Ubuntu has released fixes for versions 24.10 (oracular) and 24.04 LTS (noble), with work in progress for 22.04 LTS (jammy) and 20.04 LTS (focal). The fix involves modifying the efifb driver to use the driver core's built-in functionality for sysfs group handling (Ubuntu).