CVE-2024-43849
📋 TL;DR
This CVE describes a race condition vulnerability in the Linux kernel's Qualcomm Platform Dependency Register (PDR) subsystem. When the service locator server restarts rapidly, concurrent modifications to locator_addr fields can occur without proper synchronization, potentially leading to memory corruption or system instability. This affects Linux systems with Qualcomm hardware that use the PDR subsystem.
💻 Affected Systems
- Linux kernel with Qualcomm PDR subsystem
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel memory corruption leading to system crash, denial of service, or potential privilege escalation if combined with other vulnerabilities.
Likely Case
System instability, kernel panics, or service disruptions when the service locator server restarts frequently.
If Mitigated
Minor performance impact during service locator restarts with proper locking in place.
🎯 Exploit Status
Exploitation requires triggering rapid service locator server restarts and precise timing to cause race conditions. No public exploits have been reported.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 107924c14e3ddd85119ca43c26a4ee1056fa9b84, 3e815626d73e05152a8142f6e44aecc4133e6e08, 475a77fb3f0e1d527f56c60b79f5879661df5b80, 8543269567e2fb3d976a8255c5e348aed14f98bc, d0870c4847e77a49c2f91bb2a8e0fa3c1f8dea5c
Vendor Advisory: https://git.kernel.org/stable/c/107924c14e3ddd85119ca43c26a4ee1056fa9b84
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits. 2. Check with your distribution vendor for specific patched kernel versions. 3. Reboot system after kernel update.
🔧 Temporary Workarounds
Disable PDR subsystem if not needed
linuxIf the Qualcomm PDR subsystem is not required for your system's operation, it can be disabled via kernel configuration.
# Recompile kernel with CONFIG_QCOM_PDR=n
🧯 If You Can't Patch
- Monitor system logs for service locator restart patterns and investigate frequent restarts
- Implement strict access controls to prevent unauthorized users from triggering service restarts
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if running on Qualcomm hardware with PDR enabled: 'uname -r' and check kernel config for CONFIG_QCOM_PDRCheck Version:
uname -rVerify Fix Applied:
Verify kernel version includes the fix commits: 'uname -r' and check with distribution vendor for specific patched versions📡 Detection & Monitoring
Log Indicators:
- Frequent service locator server restarts
- Kernel panic logs related to PDR subsystem
- Memory corruption errors in kernel logs
Network Indicators:
- None - this is a local kernel vulnerability
SIEM Query:
source="kernel" AND ("PDR" OR "locator_addr" OR "service locator") AND ("panic" OR "corruption" OR "restart")🔗 References
- https://git.kernel.org/stable/c/107924c14e3ddd85119ca43c26a4ee1056fa9b84
- https://git.kernel.org/stable/c/3e815626d73e05152a8142f6e44aecc4133e6e08
- https://git.kernel.org/stable/c/475a77fb3f0e1d527f56c60b79f5879661df5b80
- https://git.kernel.org/stable/c/8543269567e2fb3d976a8255c5e348aed14f98bc
- https://git.kernel.org/stable/c/d0870c4847e77a49c2f91bb2a8e0fa3c1f8dea5c
- https://git.kernel.org/stable/c/eab05737ee22216250fe20d27f5a596da5ea6eb7
- https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
