CVE-2024-35814
📋 TL;DR
A double-allocation vulnerability in the Linux kernel's SWIOTLB subsystem allows memory corruption when handling DMA allocations with specific alignment requirements. This affects systems using SWIOTLB for DMA bouncing, particularly virtual machines with restricted DMA pools. Exploitation can lead to system crashes, hangs, or data corruption.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
System crash, kernel panic, or persistent data corruption leading to complete system instability and potential data loss.
Likely Case
System hangs, crashes, or unpredictable behavior in virtual machines using vsock with restricted DMA SWIOTLB pools.
If Mitigated
No impact if SWIOTLB is not used or if systems are patched with the kernel fix.
🎯 Exploit Status
Exploitation requires triggering the double-allocation through DMA operations, typically in virtualized environments.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commit 04867a7a33324c9c562ee7949dbcaab7aaad1fb4 and related stable backports
Vendor Advisory: https://git.kernel.org/stable/c/04867a7a33324c9c562ee7949dbcaab7aaad1fb4
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing fix commits.
2. Check distribution security advisories for specific patched versions.
3. Reboot system after kernel update.
🔧 Temporary Workarounds
Disable SWIOTLB
Prevent use of the SWIOTLB subsystem if it is not required for system operation
Add 'swiotlb=0' to kernel boot parameters
Avoid restricted DMA pools
Configure virtual machines to avoid restricted DMA SWIOTLB usage
🧯 If You Can't Patch
- Monitor system logs for SWIOTLB allocation errors or vsock-related crashes
- Isolate affected virtual machines and consider migrating workloads to unaffected systems
🔍 How to Verify
Check if Vulnerable:
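Check the kernel version and whether a swiotlb option is set on the kernel command line: grep swiotlb /proc/cmdline; uname -r
A command line without a swiotlb option does not mean SWIOTLB is inactive, because the kernel can enable it automatically; the boot log shows whether the bounce buffer was set up.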
Check Version:
uname -r
Verify Fix Applied:
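Verify that the running kernel includes the fix commits (04867a7a33324c9c562ee7949dbcaab7aaad1fb4 or its stable backport). The running kernel does not expose upstream commit hashes (/proc/version_signature, where it exists, holds a version string), so compare the output of uname -r against the patched version in your distribution's security advisory.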
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- SWIOTLB allocation errors in dmesg
- vsock device failures
Network Indicators:
- Unusual virtual machine communication failures
SIEM Query:
source="kernel" AND ("swiotlb" OR "double allocation" OR "vsock")
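The log indicators above can also be checked locally on a host that cannot be patched yet. This is an added example, not code from the advisory or the kernel project: a POSIX shell function that classifies kernel log text read from stdin. The matched message strings and the sample log are constructed assumptions, and message wording varies between kernel versions.

```shell
#!/bin/sh
# Added example, not vendor or kernel-project code.
# Classifies kernel log text (stdin) using the indicators listed above.
# Live use (assumes journalctl or dmesg is available on the host):
#   journalctl -k -b --no-pager | triage_kernel_log

triage_kernel_log() {
    awk '
        { line = tolower($0) }
        # Boot banner: the bounce buffer was set up, so SWIOTLB is in use
        # even when no swiotlb= option is present on the command line.
        line ~ /software io tlb: mapped/ { active = 1 }
        # A restricted DMA pool was created (the configuration named above).
        line ~ /restricted dma pool/     { restricted = 1 }
        # Allocation trouble: pool exhaustion, or the phrase from the SIEM query.
        line ~ /swiotlb buffer is full/ || line ~ /double allocation/ { alloc++; next }
        # vsock lines count only when they report a failure of some kind.
        line ~ /vsock/ && line ~ /(fail|error|timed out|reset)/ { vsock++ }
        line ~ /kernel panic/            { panic++ }
        END {
            in_use = (active || restricted)
            if (alloc > 0 || (in_use && (vsock > 0 || panic > 0)))
                verdict = "investigate"
            else if (in_use)
                verdict = "swiotlb-in-use"
            else
                verdict = "swiotlb-not-seen"  # banner may have rotated out of the log
            printf "swiotlb_active=%d restricted_pool=%d alloc_errors=%d ", active, restricted, alloc
            printf "vsock_failures=%d panics=%d verdict=%s\n", vsock, panic, verdict
        }'
}

# Constructed sample log for demonstration; message wording is an assumption.
sample_log() {
    cat <<'EOF'
[    0.512345] software IO TLB: mapped [mem 0x00000000bbed0000-0x00000000bfed0000] (64MB)
[    0.600000] Reserved memory: created restricted DMA pool at 0x0000000080000000, size 4 MiB
[  120.001000] virtio_vsock virtio3: swiotlb buffer is full (sz: 4096 bytes), total 2048 (slots), used 2048 (slots)
[  120.002000] vsock: transport send failed: -12
[  300.000000] Kernel panic - not syncing: Fatal exception
EOF
}
```

A verdict of swiotlb-not-seen only means the boot banner was absent from the text supplied, so feed the function the full boot log before treating a host as unaffected.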
🔗 References
- https://git.kernel.org/stable/c/04867a7a33324c9c562ee7949dbcaab7aaad1fb4
- https://git.kernel.org/stable/c/3e7acd6e25ba77dde48c3b721c54c89cd6a10534
- https://git.kernel.org/stable/c/777391743771040e12cc40d3d0d178f70c616491
- https://git.kernel.org/stable/c/c88668aa6c1da240ea3eb4d128b7906e740d3cb8