CVE-2024-40953
📋 TL;DR
This CVE describes a data race condition in the Linux kernel's KVM subsystem where concurrent access to the 'last_boosted_vcpu' variable could lead to out-of-bounds array indexing. The vulnerability affects systems running KVM virtualization with 257 or more vCPUs, potentially causing kernel crashes or instability.
💻 Affected Systems
- Linux Kernel with KVM
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic or system crash due to out-of-bounds memory access, leading to denial of service for all VMs on the host.
Likely Case
System instability or kernel crash when running VMs with 257+ vCPUs under high contention scenarios.
If Mitigated
No impact for systems with fewer than 257 vCPUs per VM or with proper kernel patching.
🎯 Exploit Status
Exploitation requires running VMs with 257+ vCPUs and concurrent access to trigger the race condition.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing the fix commits: 11a772d5376aa6d3e2e69b5b5c585f79b60c0e17, 49f683b41f28918df3e51ddc0d928cb2e934ccdb, 4c141136a28421b78f34969b25a4fa32e06e2180, 71fbc3af3dacb26c3aa2f30bb3ab05c44d082c84, 82bd728a06e55f5b5f93d10ce67f4fe7e689853a
Vendor Advisory: https://git.kernel.org/stable/c/11a772d5376aa6d3e2e69b5b5c585f79b60c0e17
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits.
2. Reboot system to load new kernel.
3. Verify kernel version with 'uname -r'.
🔧 Temporary Workarounds
Limit vCPU count per VM
Configure VMs with fewer than 257 vCPUs to avoid triggering the race condition.
virsh edit <vm_name> # Edit vCPU count to < 257
Set <vcpu>256</vcpu> in VM XML configuration
🧯 If You Can't Patch
- Ensure no VMs are configured with 257 or more vCPUs
- Monitor system logs for KVM-related crashes or instability
🔍 How to Verify
Check if Vulnerable:
Check if running affected kernel version and if any VMs have 257+ vCPUs: 'virsh list --all' and 'virsh vcpuinfo <vm_name>'
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version contains fix commits and no VMs have 257+ vCPUs
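The vCPU check above, scripted as an added example (not part of the original advisory or of any vendor tooling): it reads each libvirt domain's XML and flags a maximum vCPU count of 257 or more. The function names and the sample XML are constructed for illustration, and testing the maximum rather than the currently active count is a conservative assumption.

```shell
#!/bin/sh
# Flag libvirt domains whose configured vCPU maximum reaches the
# threshold named in the advisory (257 or more vCPUs per VM).
THRESHOLD=257

# vcpu_max: read domain XML on stdin, print N from <vcpu ...>N</vcpu>.
# <vcpus> and self-closing <vcpu id=.../> entries carry no count, so they do not match.
vcpu_max() {
    sed -n 's|.*<vcpu[^>]*>[[:space:]]*\([0-9][0-9]*\)[[:space:]]*</vcpu>.*|\1|p' | head -n 1
}

# classify NAME: read domain XML on stdin, print "NAME COUNT STATUS".
classify() {
    name=$1
    n=$(vcpu_max)
    if [ -z "$n" ]; then
        echo "$name ? UNKNOWN"          # no <vcpu> count found: review by hand
    elif [ "$n" -ge "$THRESHOLD" ]; then
        echo "$name $n AT_RISK"
    else
        echo "$name $n OK"
    fi
}

# audit_host: classify every defined domain, running or shut off.
# Needs virsh and read access to libvirt; returns 1 if any domain is not OK.
audit_host() {
    virsh list --all --name | (
        rc=0
        while IFS= read -r dom; do
            [ -n "$dom" ] || continue
            line=$(virsh dumpxml "$dom" | classify "$dom")
            echo "$line"
            case $line in *" OK") ;; *) rc=1 ;; esac
        done
        exit "$rc"
    )
}

# Constructed sample XML for offline checks (not taken from a real host).
SAMPLE_BIG='<domain type="kvm"><name>big-vm</name><vcpu placement="static" current="64">288</vcpu></domain>'
SAMPLE_SMALL='<domain type="kvm"><name>small-vm</name><vcpu placement="static">256</vcpu></domain>'

# Only touch the live hypervisor when asked: ./script.sh --audit
if [ "${1:-}" = "--audit" ]; then audit_host; fi
```

A domain reported as AT_RISK on an unpatched kernel is a candidate for the vCPU limit workaround until the host is updated and rebooted.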
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- KVM error logs in dmesg
- System crashes during VM operations
Network Indicators:
- Sudden loss of connectivity to VMs
- VM migration failures
SIEM Query:
source="kernel" AND ("KVM" OR "last_boosted_vcpu") AND ("panic" OR "crash" OR "BUG")
🔗 References
- https://git.kernel.org/stable/c/11a772d5376aa6d3e2e69b5b5c585f79b60c0e17
- https://git.kernel.org/stable/c/49f683b41f28918df3e51ddc0d928cb2e934ccdb
- https://git.kernel.org/stable/c/4c141136a28421b78f34969b25a4fa32e06e2180
- https://git.kernel.org/stable/c/71fbc3af3dacb26c3aa2f30bb3ab05c44d082c84
- https://git.kernel.org/stable/c/82bd728a06e55f5b5f93d10ce67f4fe7e689853a
- https://git.kernel.org/stable/c/92c77807d938145c7c3350c944ef9f39d7f6017c
- https://git.kernel.org/stable/c/95c8dd79f3a14df96b3820b35b8399bd91b2be60
- https://git.kernel.org/stable/c/a937ef951bba72f48d2402451419d725d70dba20
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html