CVE-2024-39277
📋 TL;DR
This CVE describes an out-of-bounds array access vulnerability in the Linux kernel's DMA mapping benchmark module. When NUMA_NO_NODE is passed to cpumask_of_node(), it causes an array index of -1, leading to undefined behavior. This affects Linux systems with the DMA mapping benchmark enabled, typically requiring local access.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic or system crash due to memory corruption, potentially leading to denial of service or information disclosure through memory access.
Likely Case
System instability or crash when the DMA mapping benchmark is used with invalid node parameters, requiring local access to trigger.
If Mitigated
No impact if the DMA mapping benchmark module is not loaded or if proper input validation prevents NUMA_NO_NODE from reaching vulnerable code.
🎯 Exploit Status
Requires local access and ability to call the map_benchmark_ioctl with specific parameters. The vulnerability was found through code analysis/sanitizers rather than active exploitation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits listed in references (stable backports available)
Vendor Advisory: https://git.kernel.org/stable/c/50ee21bfc005e69f183d6b4b454e33f0c2571e1f
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing fix commits. 2. For distributions: Use package manager to update kernel package. 3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable DMA mapping benchmark module
linuxPrevent loading of vulnerable module by blacklisting or disabling at kernel build
echo 'blacklist dma_map_benchmark' > /etc/modprobe.d/disable-dma-benchmark.conf
update-initramfs -u
Unload module if loaded
linuxRemove the module from memory if currently loaded
rmmod dma_map_benchmark
🧯 If You Can't Patch
- Ensure DMA mapping benchmark module is not loaded in production systems
- Restrict access to /dev/map_benchmark device file to prevent unauthorized ioctl calls
🔍 How to Verify
Check if Vulnerable:
Check if dma_map_benchmark module is loaded: lsmod | grep dma_map_benchmark. If loaded and kernel version is before fixes, system is vulnerable.Check Version:
uname -rVerify Fix Applied:
Check kernel version includes fix commits or verify module is not loaded. Uname -r to check version, lsmod to check module status.📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- UBSAN array-index-out-of-bounds warnings in dmesg
- Process crashes related to dma_map_benchmark
Network Indicators:
- None - local vulnerability only
SIEM Query:
Process execution of dma_map_benchmark or ioctl calls to /dev/map_benchmark🔗 References
- https://git.kernel.org/stable/c/50ee21bfc005e69f183d6b4b454e33f0c2571e1f
- https://git.kernel.org/stable/c/5a91116b003175302f2e6ad94b76fb9b5a141a41
- https://git.kernel.org/stable/c/8e1ba9df9a35e8dc64f657a64e523c79ba01e464
- https://git.kernel.org/stable/c/b41b0018e8ca06e985e87220a618ec633988fd13
- https://git.kernel.org/stable/c/e64746e74f717961250a155e14c156616fcd981f
- https://git.kernel.org/stable/c/50ee21bfc005e69f183d6b4b454e33f0c2571e1f
- https://git.kernel.org/stable/c/5a91116b003175302f2e6ad94b76fb9b5a141a41
- https://git.kernel.org/stable/c/8e1ba9df9a35e8dc64f657a64e523c79ba01e464
- https://git.kernel.org/stable/c/b41b0018e8ca06e985e87220a618ec633988fd13
- https://git.kernel.org/stable/c/e64746e74f717961250a155e14c156616fcd981f
