Memory Leak Vulnerability in Linux Kernel Affecting ARM64 Architecture
CVE-2024-57877

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 11 January 2025

Summary

A vulnerability in the ARM64 architecture of the Linux kernel could lead to a memory exposure due to improper initialization of a temporary variable during the SETREGSET calls. When a zero-length SETREGSET call is made, uninitialized memory could be written back to target registers, allowing sensitive data (up to 64 bits) to be leaked from the kernel stack. This issue has been addressed by ensuring the temporary variable is initialized before any data is copied from userspace, thus mitigating the potential for data leakage.

Affected Version(s)

Linux 17519819926211e6b2834e00e4554bec0daf22ac < 4105dd76bc8ad6529d47157ef0565cb84ca6676c

Linux 17519819926211e6b2834e00e4554bec0daf22ac < 594bfc4947c4fcabba1318d8384c61a29a6b89fb

Linux 6.12

References

https://git.kernel.org/stable/c/4105dd76bc8ad6529d47157ef...

https://git.kernel.org/stable/c/594bfc4947c4fcabba1318d83...

Timeline

Vulnerability published
Jan 11, 2025
Vulnerability Reserved
Jan 11, 2025