CVE-2024-35944
📋 TL;DR
This CVE describes a memory corruption vulnerability in the Linux kernel's VMCI driver where a memcpy() operation can write beyond the bounds of a structure. This could allow local attackers to cause kernel crashes or potentially execute arbitrary code. The vulnerability affects systems running vulnerable Linux kernel versions with VMCI enabled.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Local privilege escalation to kernel-level execution, potentially leading to full system compromise.
Likely Case
Kernel panic or system crash causing denial of service.
If Mitigated
No impact if VMCI is disabled or system is patched.
🎯 Exploit Status
Discovered via fuzzing with Syzkaller. Requires local access and ability to trigger the vulnerable code path.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patched in stable kernel trees via commits referenced in CVE
Vendor Advisory: https://git.kernel.org/stable/c/130b0cd064874e0d0f58e18fb00e6f3993e90c74
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution. 2. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable VMCI module
linuxPrevent loading of the vulnerable VMCI driver
echo 'blacklist vmw_vmci' >> /etc/modprobe.d/blacklist.conf
rmmod vmw_vmci
🧯 If You Can't Patch
- Ensure VMCI driver is not loaded (check with 'lsmod | grep vmci')
- Implement strict access controls to prevent local users from triggering vulnerable code paths
🔍 How to Verify
Check if Vulnerable:
Check if VMCI module is loaded: 'lsmod | grep vmci' and check kernel version against patched versionsCheck Version:
uname -rVerify Fix Applied:
Verify kernel version is updated and VMCI module version matches patched release📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs
- WARNING messages about 'field-spanning write' in dg_dispatch_as_host()
SIEM Query:
kernel:WARNING AND dg_dispatch_as_host🔗 References
- https://git.kernel.org/stable/c/130b0cd064874e0d0f58e18fb00e6f3993e90c74
- https://git.kernel.org/stable/c/19b070fefd0d024af3daa7329cbc0d00de5302ec
- https://git.kernel.org/stable/c/491a1eb07c2bd8841d63cb5263455e185be5866f
- https://git.kernel.org/stable/c/ad78c5047dc4076d0b3c4fad4f42ffe9c86e8100
- https://git.kernel.org/stable/c/dae70a57565686f16089737adb8ac64471570f73
- https://git.kernel.org/stable/c/e87bb99d2df6512d8ee37a5d63d2ca9a39a8c051
- https://git.kernel.org/stable/c/f15eca95138b3d4ec17b63c3c1937b0aa0d3624b
- https://git.kernel.org/stable/c/feacd430b42bbfa9ab3ed9e4f38b86c43e348c75
- https://git.kernel.org/stable/c/130b0cd064874e0d0f58e18fb00e6f3993e90c74
- https://git.kernel.org/stable/c/19b070fefd0d024af3daa7329cbc0d00de5302ec
- https://git.kernel.org/stable/c/491a1eb07c2bd8841d63cb5263455e185be5866f
- https://git.kernel.org/stable/c/ad78c5047dc4076d0b3c4fad4f42ffe9c86e8100
- https://git.kernel.org/stable/c/dae70a57565686f16089737adb8ac64471570f73
- https://git.kernel.org/stable/c/e87bb99d2df6512d8ee37a5d63d2ca9a39a8c051
- https://git.kernel.org/stable/c/f15eca95138b3d4ec17b63c3c1937b0aa0d3624b
- https://git.kernel.org/stable/c/feacd430b42bbfa9ab3ed9e4f38b86c43e348c75
- https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
- https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
