Linux Kernel Vulnerability in ARM64 PTRACE Functionality
CVE-2024-57874
Summary
A vulnerability exists in the Linux kernel's ARM64 ptrace code: the tagged_addr_ctrl_set() function uses a temporary variable that is not initialized before the regset is copied from userspace, which can lead to unintended memory exposure. Specifically, a partial SETREGSET call with a length of zero leaves that variable uninitialized and can leak up to 64 bits of kernel stack memory. The issue does not provide a write operation, which limits the potential impact. The fix initializes the temporary variable before the copy from userspace, so that a zero-length write retains the existing value.
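The bug class described above, as an added userspace model in C. This is not the kernel's code: `task_model`, `model_copyin`, `ctrl_set_vulnerable`, `ctrl_set_fixed`, `run_case` and the constants are hypothetical. The uninitialized stack slot is modelled by an explicit `stale` argument so the behaviour is deterministic.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Userspace model only. Every name below is hypothetical, not a kernel symbol. */
#define STALE    0xdeadbeefcafef00dULL /* constructed: leftover stack contents */
#define EXISTING 0x0000000000000001ULL /* constructed: task's current setting  */
#define USERVAL  0x0000000000000003ULL /* constructed: value the caller sends  */

struct task_model { uint64_t tagged_addr_ctrl; };

/* Stand-in for a regset copy-in: copies at most `count` bytes into dst. */
static void model_copyin(void *dst, size_t size, const void *src, size_t count)
{
    memcpy(dst, src, count < size ? count : size); /* count == 0: dst untouched */
}

/* Before the fix: the temporary keeps whatever the stack slot held. */
static void ctrl_set_vulnerable(struct task_model *t, const void *ubuf,
                                size_t count, uint64_t stale)
{
    uint64_t ctrl = stale; /* models the uninitialized temporary */
    model_copyin(&ctrl, sizeof(ctrl), ubuf, count);
    t->tagged_addr_ctrl = ctrl; /* stale bytes end up in task state */
}

/* After the fix: the temporary starts from the task's existing value. */
static void ctrl_set_fixed(struct task_model *t, const void *ubuf, size_t count)
{
    uint64_t ctrl = t->tagged_addr_ctrl;
    model_copyin(&ctrl, sizeof(ctrl), ubuf, count);
    t->tagged_addr_ctrl = ctrl;
}

/* Runs one SETREGSET-style write and returns the resulting task value. */
uint64_t run_case(int fixed, size_t count)
{
    struct task_model t = { .tagged_addr_ctrl = EXISTING };
    uint64_t user = USERVAL;
    if (fixed)
        ctrl_set_fixed(&t, &user, count);
    else
        ctrl_set_vulnerable(&t, &user, count, STALE);
    return t.tagged_addr_ctrl;
}

int main(void)
{
    printf("zero-length, before fix: %#llx\n", (unsigned long long)run_case(0, 0));
    printf("zero-length, after fix:  %#llx\n", (unsigned long long)run_case(1, 0));
    return 0;
}
```

A full-length write behaves the same in both variants; only the zero-length case differs, which is why the pattern is easy to miss in review.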
Affected Version(s)
Linux 2200aa7154cb7ef76bac93e98326883ba64bfa2e < 1152dd13845efde5554f80c7e1233bae1d26bd3e
Linux 2200aa7154cb7ef76bac93e98326883ba64bfa2e < 1c176f5155ee6161fee6f416b64aa50394d3f220
Linux 2200aa7154cb7ef76bac93e98326883ba64bfa2e < 1370cf3eb5495d70e00547598583a4cd45b40b99