CVE-2024-36936
📋 TL;DR
A race condition in the Linux kernel's EFI memory acceptance mechanism can cause soft lockups (temporary system hangs) when accepting large memory regions in TDX guests. This affects Linux systems using EFI with unaccepted memory support, particularly in virtualized environments with large memory allocations. The vulnerability doesn't allow code execution but can cause denial of service.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
System becomes unresponsive for extended periods during memory acceptance operations, causing service disruption and potential data loss if critical operations are interrupted.
Likely Case
Intermittent system hangs or performance degradation when large memory allocations occur in TDX guest environments, particularly noticeable with softlockup timeout set to 1 second.
If Mitigated
Minor performance impact during memory acceptance operations with watchdog timeouts adjusted or systems not using TDX/EFI unaccepted memory features.
🎯 Exploit Status
This is a reliability/DoS issue rather than a traditional security vulnerability. Exploitation requires triggering specific memory acceptance operations in vulnerable configurations.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patches available in stable kernel trees (commits: 1c5a1627f48105cbab81d25ec2f72232bfaa8185, 781e34b736014188ba9e46a71535237313dcda81, e115c1b5de55a105c75aba8eb08301c075fa4ef4)
Vendor Advisory: https://git.kernel.org/stable/c/1c5a1627f48105cbab81d25ec2f72232bfaa8185
Restart Required: Yes
Instructions:
1. Update to patched kernel version from your distribution's repository. 2. Rebuild kernel if using custom kernel with patches from stable tree. 3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Increase softlockup timeout
linuxIncrease kernel softlockup detection timeout to reduce false positives during memory acceptance operations
echo 30 > /proc/sys/kernel/watchdog_thresh
Disable softlockup detection
linuxTemporarily disable softlockup watchdog (not recommended for production)
echo 0 > /proc/sys/kernel/watchdog
🧯 If You Can't Patch
- Monitor system logs for softlockup warnings and investigate memory allocation patterns
- Avoid large memory allocations in TDX guest environments when possible
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if system uses EFI with unaccepted memory support. Look for softlockup warnings in dmesg during memory-intensive operations.Check Version:
uname -rVerify Fix Applied:
Verify kernel version includes the fix commits. Monitor for absence of softlockup warnings during memory acceptance operations.📡 Detection & Monitoring
Log Indicators:
- Kernel softlockup warnings in dmesg/syslog
- Watchdog timeout messages
- Stack traces showing accept_memory or try_to_accept_memory functions
Network Indicators:
- None - this is a local kernel issue
SIEM Query:
source="kernel" AND ("soft lockup" OR "watchdog" OR "BUG: soft lockup")🔗 References
- https://git.kernel.org/stable/c/1c5a1627f48105cbab81d25ec2f72232bfaa8185
- https://git.kernel.org/stable/c/781e34b736014188ba9e46a71535237313dcda81
- https://git.kernel.org/stable/c/e115c1b5de55a105c75aba8eb08301c075fa4ef4
- https://git.kernel.org/stable/c/1c5a1627f48105cbab81d25ec2f72232bfaa8185
- https://git.kernel.org/stable/c/781e34b736014188ba9e46a71535237313dcda81
