CVE-2024-57979: 
Linux Kernel vulnerability analysis and mitigation

A use-after-free vulnerability was discovered in the Linux kernel's PPS (Pulse Per Second) subsystem. The issue occurs when gpsd is running and the system is rebooting, causing a use-after-free condition in sysexit() when ppsdevicedestruct() frees the ppsdevice with the embedded cdev immediately after calling cdev_del(). The vulnerability was assigned CVE-2024-57979 and affects the Linux kernel PPS subsystem (NVD, RedHat).

The vulnerability stems from a race condition where fops for previously opened cdevs are still callable even after cdevdel() returns. The issue manifests when ppsdevicedestruct() frees the ppsdevice structure containing the embedded cdev immediately after calling cdev_del(). This leads to a use-after-free condition that can trigger kernel panics. The CVSS v3.1 base score is 7.8 (HIGH) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (RedHat).

The vulnerability can lead to kernel panics and system crashes when exploited. The use-after-free condition can potentially be leveraged for arbitrary code execution in kernel context, with impacts including system crashes, information disclosure, and potential privilege escalation (RedHat).

The vulnerability has been fixed by removing the embedded cdev and using _registerchrdev() with pps_idr as the source of truth for minor device mapping. The fix ensures the pps->dev refcount cannot reach zero while userspace can still access it. System administrators should apply the kernel updates provided by their distribution vendors (RedHat).