CVE-2024-36953
📋 TL;DR
A NULL pointer dereference vulnerability in the Linux kernel's KVM (Kernel-based Virtual Machine) subsystem for ARM64 architecture. When handling GICv2 virtual interrupt controller ioctl operations with invalid CPU IDs, the system could crash or become unstable. This affects systems running KVM virtualization on ARM64 hardware.
💻 Affected Systems
- Linux Kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially affecting all virtual machines on the host.
Likely Case
Kernel crash or instability when malicious userspace processes send malformed ioctl requests to the KVM subsystem.
If Mitigated
Proper input validation prevents the crash, maintaining system stability.
🎯 Exploit Status
Requires local access and ability to make KVM ioctl calls. Likely requires CAP_SYS_ADMIN or KVM group membership.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing the fix commits (01981276d64e, 17db92da8be5, etc.)
Vendor Advisory: https://git.kernel.org/stable/c/01981276d64e542c177b243f7c979fee855d5487
Restart Required: Yes
Instructions:
1. Update to a patched kernel version from your distribution.
2. Reboot the system.
3. Verify the kernel version includes the fix commits.
🔧 Temporary Workarounds
Disable KVM on ARM64
Linux: Disable KVM virtualization if not required
echo 'blacklist kvm' >> /etc/modprobe.d/blacklist.conf
rmmod kvm
Restrict KVM access
Linux: Limit which users can access KVM devices
chmod 600 /dev/kvm
chown root:root /dev/kvm
🧯 If You Can't Patch
- Restrict KVM device access to trusted users only
- Monitor for suspicious ioctl calls to KVM subsystem
🔍 How to Verify
Check if Vulnerable:
Check if running an affected kernel version on ARM64 with KVM enabled: 'uname -r' and 'lsmod | grep kvm'
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version includes fix commits: 'git log --oneline | grep -E "01981276d64e|17db92da8be5"' or check distribution patch notes
📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs
- NULL pointer dereference in kernel logs
- KVM subsystem crash messages
Network Indicators:
- Not network exploitable
SIEM Query:
search 'kernel: BUG: unable to handle kernel NULL pointer dereference' AND 'vgic_v2_parse_attr'
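The query above pairs two strings that a kernel oops prints on separate lines (the fault header and the faulting symbol), so a line-by-line AND in a line-oriented log pipeline never matches. The following added example, which is not part of the original advisory, groups each oops into one block before testing it; the sample log lines are constructed, and the example_driver_poll symbol, addresses and offsets in them are invented.

```python
import re

# Header wording differs by architecture and kernel version, so match loosely.
OOPS_HEADER = re.compile(r"kernel NULL pointer dereference", re.I)
OOPS_END = re.compile(r"---\[ end trace")
SYMBOL = re.compile(r"\bvgic_v2_parse_attr\+0x[0-9a-f]+/0x[0-9a-f]+")

# Constructed sample: addresses, offsets and example_driver_poll are invented.
SAMPLE_LOG = """\
host1 kernel: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010
host1 kernel: pc : example_driver_poll+0x1c/0x90
host1 kernel: Call trace:
host1 kernel:  example_driver_poll+0x1c/0x90
host1 kernel: ---[ end trace 0000000000000000 ]---
host1 kernel: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
host1 kernel: pc : vgic_v2_parse_attr+0x40/0xa0
host1 kernel: Call trace:
host1 kernel:  vgic_v2_parse_attr+0x40/0xa0
host1 kernel: ---[ end trace 0000000000000000 ]---
""".splitlines()


def naive_line_match(lines):
    """Line-by-line AND: header text and symbol must share one line."""
    return [l for l in lines if OOPS_HEADER.search(l) and SYMBOL.search(l)]


def find_vgic_v2_oopses(lines, max_block=80):
    """Return (line_no, header) for each NULL-deref oops naming vgic_v2_parse_attr."""
    hits, start, header, matched = [], None, "", False

    def flush():
        # Record the current oops block only if the symbol was seen inside it.
        if start is not None and matched:
            hits.append((start, header))

    for no, line in enumerate(lines, 1):
        if OOPS_HEADER.search(line):
            flush()  # previous oops never reached its end marker
            start, header, matched = no, line.strip(), False
        elif start is not None:
            matched = matched or bool(SYMBOL.search(line))
            # Close the block at the end marker, or after max_block lines.
            if OOPS_END.search(line) or no - start >= max_block:
                flush()
                start = None
    flush()  # log ended in the middle of an oops
    return hits
```

On the sample, the unrelated NULL dereference in the first block is ignored and only the oops starting at line 6 is reported.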
🔗 References
- https://git.kernel.org/stable/c/01981276d64e542c177b243f7c979fee855d5487
- https://git.kernel.org/stable/c/17db92da8be5dd3bf63c01f4109fe47db64fc66f
- https://git.kernel.org/stable/c/3a5b0378ac6776c7c31b18e0f3c1389bd6005e80
- https://git.kernel.org/stable/c/4404465a1bee3607ad90a4c5f9e16dfd75b85728
- https://git.kernel.org/stable/c/6ddb4f372fc63210034b903d96ebbeb3c7195adb
- https://git.kernel.org/stable/c/8d6a1c8e3de36cb0f5e866f1a582b00939e23104
- https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html