CVE-2024-35791

7.8 HIGH

📋 TL;DR

This is a use-after-free vulnerability in the Linux kernel's KVM SVM (Secure Virtual Machine) subsystem. It allows a malicious user with access to a KVM virtual machine to potentially crash the host kernel or execute arbitrary code. The vulnerability affects systems running Linux kernels with KVM SVM support enabled.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected versions not explicitly stated in CVE description; typically affects multiple stable kernel versions before the fix commits.
Operating Systems: Linux distributions with KVM SVM support
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if KVM is enabled and AMD SVM with SEV (Secure Encrypted Virtualization) features is being used. Systems without virtualization support or using only Intel VT-x are not affected.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴

Worst Case

Privilege escalation to kernel-level code execution, allowing complete host system compromise and potential escape from the KVM virtual machine.

🟠

Likely Case

Kernel panic or denial of service causing host system crash and disruption of all virtual machines running on the host.

🟢

If Mitigated

Limited impact if KVM is not enabled or SVM features are not used; systems without virtualization support are unaffected.

🌐 Internet-Facing: LOW - This vulnerability requires local access to a KVM virtual machine and cannot be exploited remotely over the network.
🏢 Internal Only: HIGH - Malicious users or compromised virtual machines on the same host can exploit this vulnerability to affect the host system.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires access to a KVM virtual machine and knowledge of the specific memory management operations. Because the flaw is a race condition, exploitation is timing-dependent, which makes it challenging.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel versions containing commits: 12f8e32a5a389a5d58afc67728c76e61beee1ad4, 2d13b79640b147bd77c34a5998533b2021a4122d, 4868c0ecdb6cfde7c70cf478c46e06bb9c7e5865, 5ef1d8c1ddbf696e47b226e11888eaf8d9e8e807, e126b508ed2e616d679d85fca2fbe77bb48bbdd7

Vendor Advisory: https://git.kernel.org/stable/c/12f8e32a5a389a5d58afc67728c76e61beee1ad4

Restart Required: Yes

Instructions:

1. Update Linux kernel to a version containing the fix commits.
2. Check with your distribution vendor for specific patched kernel packages.
3. Reboot the system to load the new kernel.

🔧 Temporary Workarounds

Disable KVM SVM support

linux

Disable AMD Secure Encrypted Virtualization (SEV) features in KVM if not required

echo 0 > /sys/module/kvm_amd/parameters/sev
Add 'kvm_amd.sev=0' to kernel boot parameters

🧯 If You Can't Patch

  • Restrict KVM access to trusted users only using appropriate SELinux/AppArmor policies or user permissions
  • Monitor system logs for KVM-related crashes or unusual behavior and isolate affected systems

🔍 How to Verify

Check if Vulnerable:

Check if KVM is enabled and SVM features are active: 'lsmod | grep kvm' and check dmesg for SEV initialization

Check Version:

uname -r

Verify Fix Applied:

Check kernel version against patched versions from your distribution vendor; verify the specific git commits are present in your kernel source
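
The exposure check described above can be scripted. The following is an added example, not part of the original advisory or of any vendor tooling: it reads the `kvm_amd` module state and the `sev` parameter from sysfs and classifies the host. The function name, its output strings and the optional root-directory argument (used to run it against a constructed tree) are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify exposure from kvm_amd module state in sysfs.
# $1 is an optional sysfs root (assumption of this example, for running the
# check against a constructed directory tree); it defaults to /sys.
# Exit status: 0 = not exposed or workaround active, 1 = SEV enabled,
#              2 = state could not be determined.

kvm_sev_exposure() {
    root="${1:-/sys}"
    mod="$root/module/kvm_amd"

    # kvm_amd not loaded: the AMD SVM code is not active on this host.
    if [ ! -d "$mod" ]; then
        echo "not-exposed: kvm_amd not loaded"
        return 0
    fi

    param="$mod/parameters/sev"
    if [ ! -r "$param" ]; then
        echo "unknown: kvm_amd loaded, sev parameter not readable"
        return 2
    fi

    # Boolean module parameters read back as Y/N; accept 1/0 as well.
    case "$(tr -d '[:space:]' < "$param")" in
        Y|y|1)
            echo "exposed-if-unpatched: kvm_amd loaded, sev enabled"
            return 1 ;;
        N|n|0)
            echo "workaround-active: kvm_amd loaded, sev disabled"
            return 0 ;;
        *)
            echo "unknown: unexpected sev parameter value"
            return 2 ;;
    esac
}
```

Call `kvm_sev_exposure` with no argument on a real host. A result of `exposed-if-unpatched` still needs the kernel package version compared against your distribution's fixed version.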

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages related to KVM or memory management
  • Use-after-free warnings in kernel logs (dmesg)
  • Unexpected virtual machine crashes or host system instability

Network Indicators:

  • No network-based indicators as this is a local vulnerability

SIEM Query:

Search for kernel panic events or KVM-related error messages in system logs
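
A log triage for the indicators listed above, as an added example that is not part of the original advisory: it counts KASAN use-after-free reports and kernel panics, and separately counts the use-after-free reports that have a stack frame in a KVM module within the next 40 lines. The patterns are generic kernel report formats rather than a signature for this CVE, and the function names, the 40-line window and the sample log lines are constructed for this example.

```shell
#!/bin/sh
# Added example: triage kernel log text for the indicators listed above.
# A match is a lead for investigation, not proof of this specific bug.

kvm_log_triage() {
    # stdin:  kernel log text (for example dmesg or journalctl -k output)
    # stdout: "uaf N", "kvm_uaf N", "panic N", one per line
    awk '
        /BUG: KASAN: (slab-)?use-after-free/ { uaf++; window = 40 }
        /Kernel panic - not syncing/          { panic++ }
        # A frame inside kvm or kvm_amd shortly after a use-after-free
        # report ties that report to KVM rather than an unrelated driver.
        window > 0 {
            if ($0 ~ /\[kvm(_amd)?\]/) { kvm_uaf++; window = 0 }
            else window--
        }
        END { printf "uaf %d\nkvm_uaf %d\npanic %d\n", uaf, kvm_uaf, panic }
    '
}

# Constructed sample input: function names and offsets are made up.
sample_log() {
    cat <<'EOF'
[  812.100001] BUG: KASAN: slab-use-after-free in example_helper+0x2c/0x90
[  812.100020] Call Trace:
[  812.100031]  example_region_path+0x1f4/0x3a0 [kvm_amd]
[  812.100044]  example_vm_ioctl+0x55/0x100 [kvm]
[  901.500000] BUG: KASAN: use-after-free in other_fn+0x10/0x40 [example_nic]
[  901.500010]  other_irq+0x8/0x20 [example_nic]
[  950.000000] Kernel panic - not syncing: Fatal exception
EOF
}
```

Run `sample_log | kvm_log_triage` to see the counters on the constructed input, or pipe real kernel log output into `kvm_log_triage`.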
