CVE-2024-42158
📋 TL;DR
This CVE addresses a memory handling issue in the Linux kernel's s390/pkey module where sensitive cryptographic key material might not be properly cleared before being freed. The vulnerability affects Linux systems running on IBM Z/s390 architecture with the pkey module loaded. Attackers could potentially access residual key material in memory, though exploitation requires local access.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Local attacker could extract cryptographic keys from kernel memory, potentially compromising encryption, authentication, or other security mechanisms relying on those keys.
Likely Case
Information disclosure of sensitive cryptographic material to local users with sufficient privileges to access kernel memory.
If Mitigated
Minimal impact if proper access controls prevent unauthorized local users from accessing kernel memory or if the pkey module isn't loaded.
🎯 Exploit Status
Exploitation requires local access and ability to read kernel memory. The vulnerability is a memory handling issue rather than a direct code execution flaw.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patches available in stable kernel trees via commits 22e6824622e8a8889df0f8fc4ed5aea0e702a694 and 62151a0acde90823bdfa991d598c85cf4b1d387d
Vendor Advisory: https://git.kernel.org/stable/c/22e6824622e8a8889df0f8fc4ed5aea0e702a694
Restart Required: Yes
Instructions:
1. Update to a patched Linux kernel version containing the fix.
2. Reboot the system to load the new kernel.
3. Verify the pkey module is using kfree_sensitive() instead of memzero_explicit() + kfree().
🔧 Temporary Workarounds
Unload pkey module
Linux: Remove the vulnerable kernel module if not required
rmmod pkey
Restrict module loading
Linux: Prevent loading of the pkey module
echo 'install pkey /bin/false' >> /etc/modprobe.d/blacklist.conf
🧯 If You Can't Patch
- Restrict local user access to systems running on s390 architecture
- Implement strict access controls and monitoring for systems that must run the pkey module
🔍 How to Verify
Check if Vulnerable:
Check if running on s390 architecture and pkey module is loaded: 'uname -m' and 'lsmod | grep pkey'
Check Version:
uname -r
Verify Fix Applied:
Inspect kernel source or disassembly to verify kfree_sensitive() is used instead of memzero_explicit() + kfree() in pkey module
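The architecture, module and modprobe checks from the workaround and verification steps above, combined into one triage script. This is an added example, not part of the original advisory; the function names and verdict words are assumptions made for illustration, and only /etc/modprobe.d (the directory the workaround writes to) is inspected.

```shell
#!/bin/sh
# Added example (not from the advisory): triage a host for CVE-2024-42158 exposure.
# Function names and verdict words are illustrative assumptions.

# pkey_loaded LSMOD_OUTPUT: succeeds if a module named exactly "pkey" is listed.
# Matching the first column avoids the false hits a plain "grep pkey" can give.
pkey_loaded() {
    printf '%s\n' "$1" | awk '$1 == "pkey" { found = 1 } END { exit !found }'
}

# pkey_blocked DIR: succeeds if a *.conf file in DIR has an active
# "install pkey <command>" rule (commented-out lines do not count).
pkey_blocked() {
    for f in "$1"/*.conf; do
        [ -f "$f" ] || continue
        if awk '$1 == "install" && $2 == "pkey" { found = 1 } END { exit !found }' "$f"; then
            return 0
        fi
    done
    return 1
}

# assess ARCH LSMOD_OUTPUT MODPROBE_DIR: prints one verdict word.
assess() {
    case "$1" in
        s390|s390x) ;;                          # values uname -m reports on IBM Z
        *) echo "not-applicable"; return 0 ;;   # pkey is s390-only
    esac
    if pkey_loaded "$2"; then
        echo "loaded"      # module is in the kernel: patch, or unload it
    elif pkey_blocked "$3"; then
        echo "blocked"     # not loaded, and an install rule stops modprobe loading it
    else
        echo "loadable"    # not loaded now, but nothing stops modprobe
    fi
}

# Live check; only /etc/modprobe.d (where the workaround writes) is inspected.
if [ "${1:-}" = "--live" ]; then
    assess "$(uname -m)" "$(lsmod 2>/dev/null)" /etc/modprobe.d
fi
```

The verdict describes exposure of the module only; whether the running kernel carries the fix still has to be confirmed as described under Verify Fix Applied.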
📡 Detection & Monitoring
Log Indicators:
- Kernel oops or crashes related to pkey module
- Unauthorized attempts to access /dev/mem or /dev/kmem
Network Indicators:
- No network-based indicators as this is a local vulnerability
SIEM Query:
Process monitoring for attempts to read kernel memory or load/unload pkey module