Linux Kernel Vulnerability in ARM Architecture Related to Ptrace Functionality
CVE-2024-57878
Summary
A vulnerability in the Linux kernel's ARM architecture related to the ptrace function has been identified. The issue arises when the fpmr_set function fails to properly initialize a temporary variable, leading to a scenario where an arbitrary value can be written back to the target process's fpmr register. This can potentially leak up to 64 bits of sensitive memory from the kernel stack when a SETREGSET call with a zero length is executed. To mitigate this, the temporary value is now initialized correctly prior to any regset copying, ensuring that existing FPMR contents remain intact during zero-length writes.
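The initialization pattern described in the summary, as a user-space C model added here (it is not the kernel's code and not from the original page). `task_model`, `copyin_model` and the `stale` parameter are hypothetical stand-ins, and the stale value is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the traced task's saved register state. */
struct task_model { uint64_t fpmr; };

/* Simplified stand-in for the regset copy step (not the kernel helper):
 * count == 0 succeeds and leaves dst untouched. */
static int copyin_model(void *dst, size_t cap, const void *src, size_t count)
{
    if (count > cap)
        return -1;
    if (count)
        memcpy(dst, src, count);
    return 0;
}

/* Pattern before the fix: the temporary is not seeded from the task.
 * `stale` models leftover stack bytes (a real uninitialized read is UB in C). */
static int fpmr_set_unfixed(struct task_model *t, const void *src,
                            size_t count, uint64_t stale)
{
    uint64_t tmp = stale;
    int ret = copyin_model(&tmp, sizeof(tmp), src, count);
    if (ret)
        return ret;
    t->fpmr = tmp; /* a zero-length write stores the stale value */
    return 0;
}

/* Pattern after the fix: seed the temporary from the current register first. */
static int fpmr_set_fixed(struct task_model *t, const void *src, size_t count)
{
    uint64_t tmp = t->fpmr;
    int ret = copyin_model(&tmp, sizeof(tmp), src, count);
    if (ret)
        return ret;
    t->fpmr = tmp; /* a zero-length write is now a no-op */
    return 0;
}

int main(void)
{
    struct task_model a = { 0x11 }, b = { 0x11 };
    fpmr_set_unfixed(&a, NULL, 0, 0xdeadbeefcafef00dULL); /* constructed value */
    fpmr_set_fixed(&b, NULL, 0);
    printf("unfixed: %#llx  fixed: %#llx\n", (unsigned long long)a.fpmr, (unsigned long long)b.fpmr);
}
```

A regression check for this class of bug is the same comparison: read the register, issue a zero-length write, read it again, and require the two reads to match.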
Affected Version(s)
Linux 4035c22ef7d43a6c00d6a6584c60e902b95b46af < 8ab73c34e3c5b580721696665eabd799346bc50b
Linux 4035c22ef7d43a6c00d6a6584c60e902b95b46af
Linux 6.9