CVE-2024-35877
📋 TL;DR
A memory management vulnerability in the Linux kernel's x86 Page Attribute Table (PAT) handling for Copy-On-Write (COW) mappings. This can cause kernel warnings, memory leaks, or incorrect memory type tracking when COW operations occur on VM_PAT mappings. Affects Linux systems with x86 architecture using PAT memory type tracking.
💻 Affected Systems
- Linux Kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel memory corruption leading to system instability, crashes, or potential privilege escalation through memory type confusion attacks.
Likely Case
Kernel warnings in system logs, memory leaks, or system instability during memory pressure scenarios with COW operations.
If Mitigated
Minor performance impact or failed memory operations in specific edge cases.
🎯 Exploit Status
Proof-of-concept code provided in CVE description demonstrates triggering the WARN_ON_ONCE(). Full exploitation for privilege escalation would require additional chaining.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 04c35ab3bdae7fefbd7c7a7355f29fa03a035221, 09e6bb53217bf388a0d2fd7fb21e74ab9dffc173, 1341e4b32e1fb1b0acd002ccd56f07bd32f2abc6, 51b7841f3fe84606ec0bd8da859d22e05e5419ec, 7cfee26d1950250b14c5cb0a37b142f3fcc6396a
Vendor Advisory: https://git.kernel.org/stable/c/04c35ab3bdae7fefbd7c7a7355f29fa03a035221
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits. 2. Check your distribution's security advisories for specific patched versions. 3. Reboot system after kernel update.
🔧 Temporary Workarounds
Disable PAT support (not recommended)
linuxDisabling PAT support may avoid the vulnerability but significantly impacts performance
Add 'nopat' to kernel boot parameters in GRUB configuration
🧯 If You Can't Patch
- Restrict local user access to systems where possible
- Monitor system logs for kernel warnings related to untrack_pfn()
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if it contains the fix commits. Look for kernel warnings containing 'untrack_pfn' in dmesg.Check Version:
uname -rVerify Fix Applied:
Verify kernel version is updated to include the fix commits. Test with the provided reproducer code to ensure no warnings appear.📡 Detection & Monitoring
Log Indicators:
- Kernel warnings containing 'untrack_pfn' or 'WARNING' at arch/x86/mm/pat/memtype.c
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("untrack_pfn" OR "memtype.c:1060")🔗 References
- https://git.kernel.org/stable/c/04c35ab3bdae7fefbd7c7a7355f29fa03a035221
- https://git.kernel.org/stable/c/09e6bb53217bf388a0d2fd7fb21e74ab9dffc173
- https://git.kernel.org/stable/c/1341e4b32e1fb1b0acd002ccd56f07bd32f2abc6
- https://git.kernel.org/stable/c/51b7841f3fe84606ec0bd8da859d22e05e5419ec
- https://git.kernel.org/stable/c/7cfee26d1950250b14c5cb0a37b142f3fcc6396a
- https://git.kernel.org/stable/c/97e93367e82752e475a33839a80b33bdbef1209f
- https://git.kernel.org/stable/c/c2b2430b48f3c9eaccd2c3d2ad75bb540d4952f4
- https://git.kernel.org/stable/c/f18681daaec9665a15c5e7e0f591aad5d0ac622b
- https://git.kernel.org/stable/c/04c35ab3bdae7fefbd7c7a7355f29fa03a035221
- https://git.kernel.org/stable/c/09e6bb53217bf388a0d2fd7fb21e74ab9dffc173
- https://git.kernel.org/stable/c/1341e4b32e1fb1b0acd002ccd56f07bd32f2abc6
- https://git.kernel.org/stable/c/51b7841f3fe84606ec0bd8da859d22e05e5419ec
- https://git.kernel.org/stable/c/7cfee26d1950250b14c5cb0a37b142f3fcc6396a
- https://git.kernel.org/stable/c/97e93367e82752e475a33839a80b33bdbef1209f
- https://git.kernel.org/stable/c/c2b2430b48f3c9eaccd2c3d2ad75bb540d4952f4
- https://git.kernel.org/stable/c/f18681daaec9665a15c5e7e0f591aad5d0ac622b
- https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
- https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
