CVE-2024-36963

7.8 HIGH

📋 TL;DR

A Linux kernel vulnerability in tracefs where file permissions aren't properly reset during remount operations. This allows files with previously modified permissions to retain those permissions even after a system-wide remount, potentially creating privilege escalation opportunities. Affects systems using tracefs with custom permission settings.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected versions not specified in CVE, but patches available for stable kernel branches
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems where tracefs is mounted and permissions have been modified by users.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Privilege escalation where an attacker gains unauthorized access to tracefs files, potentially enabling kernel information disclosure or manipulation of tracing data.

🟠 Likely Case

Inconsistent file permissions leading to security policy violations, where some files retain old permissions while others are updated during remount.

🟢 If Mitigated

Minimal impact if tracefs isn't used or if no custom permissions were set before remount.

🌐 Internet-Facing: LOW - tracefs is typically not exposed to internet-facing services.
🏢 Internal Only: MEDIUM - Requires local access and specific tracefs usage patterns.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and ability to modify tracefs permissions before remount.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patches available in stable kernel branches via provided git commits

Vendor Advisory: https://git.kernel.org/stable/c/414fb08628143203d29ccd0264b5a83fb9523c03

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version.
2. Apply kernel patches from git commits.
3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Avoid tracefs permission modifications

linux

Do not modify tracefs file permissions manually to avoid the inconsistent state.

# Avoid using chmod/chown on /sys/kernel/tracing files

Unmount tracefs if not needed

linux

Remove tracefs mount if tracing functionality is not required.

# umount /sys/kernel/tracing

🧯 If You Can't Patch

  • Audit tracefs permissions regularly to ensure no unexpected changes persist
  • Implement strict access controls to prevent unauthorized users from modifying tracefs permissions

🔍 How to Verify

Check if Vulnerable:

Check if tracefs files retain old permissions after remount with different gid/uid options.

Check Version:

# uname -r

Verify Fix Applied:

After patching, verify that all tracefs files update permissions consistently during remount operations.
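The check above, and the periodic permission audit suggested under "If You Can't Patch", can be scripted. The following is an added example, not code from the kernel project or the advisory: it reads the `uid=`/`gid=` options of a tracefs mount and lists every entry whose ownership does not match them. The function names are hypothetical, and it assumes an absent option means the default of 0 (root).

```shell
#!/bin/sh
# Added example: audit a tracefs mount for entries whose owner/group differ
# from the uid=/gid= mount options (the inconsistent state described above).

# Print the value of mount option $2 (uid or gid) for the tracefs mounted at
# $1, reading a mounts table in /proc/mounts format from file $3.
# Assumption: an option that is not listed is at its default, 0 (root).
mount_opt() {
    awk -v mp="$1" -v key="$2" '
        $2 == mp && $3 == "tracefs" {
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++)
                if (index(opts[i], key "=") == 1)
                    val = substr(opts[i], length(key) + 2)
        }
        END { print (val == "" ? 0 : val) }' "$3"
}

# List every entry under directory $1 whose uid is not $2 or gid is not $3.
stale_entries() {
    find "$1" -xdev \( ! -uid "$2" -o ! -gid "$3" \) -print 2>/dev/null
}

# Audit mount point $1 (default /sys/kernel/tracing) against mounts table $2
# (default /proc/mounts). Output is empty when ownership is consistent.
audit_tracefs() {
    mp=${1:-/sys/kernel/tracing}
    table=${2:-/proc/mounts}
    uid=$(mount_opt "$mp" uid "$table")
    gid=$(mount_opt "$mp" gid "$table")
    stale_entries "$mp" "$uid" "$gid"
}

# Usage (as root, after a remount that changed uid=/gid=):
#   audit_tracefs /sys/kernel/tracing
```

Any path printed after a remount with new `uid=`/`gid=` options is an entry that kept its earlier ownership; on a patched kernel the output should be empty.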

📡 Detection & Monitoring

Log Indicators:

  • Audit logs showing permission changes to tracefs files
  • System logs showing tracefs remount operations

Network Indicators:

  • None - local filesystem vulnerability

SIEM Query:

Search for chmod/chown operations on /sys/kernel/tracing/* files
