CVE-2024-43854
📋 TL;DR
A memory disclosure vulnerability in the Linux kernel's block layer allows uninitialized kernel memory to be written to storage media during integrity metadata operations. This affects systems using block device integrity features (like DIF/DIX or T10 PI). Attackers with write access to affected storage could potentially read sensitive kernel memory from the media.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Sensitive kernel memory (including cryptographic keys, process data, or other secrets) could be exfiltrated from storage media, leading to complete system compromise or data breach.
Likely Case
Limited information disclosure of kernel memory contents to storage media, which could be read by attackers with access to the storage device or backups.
If Mitigated
Minimal impact if integrity features are disabled or if storage is properly isolated and encrypted.
🎯 Exploit Status
Exploitation requires write access to storage with integrity features enabled and ability to read the written data from storage media.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits: 129f95948a96105c1fad8e612c9097763e88ac5f, 23a19655fb56f241e592041156dfb1c6d04da644, 3fd11fe4f20756b4c0847f755a64cd96f8c6a005, 899ee2c3829c5ac14bfc7d3c4a5846c0b709b78f, 9f4af4cf08f9a0329ade3d938f55d2220c40d0a6
Vendor Advisory: https://git.kernel.org/stable/c/129f95948a96105c1fad8e612c9097763e88ac5f
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution.
2. Reboot system to load new kernel.
3. Verify kernel version after reboot.
🔧 Temporary Workarounds
Disable block integrity features
Disable T10 PI/DIF/DIX integrity features if not required
Check if integrity is enabled: cat /sys/block/[device]/integrity/read_verify
Disable via device configuration or kernel parameters
🧯 If You Can't Patch
- Disable block device integrity features on all storage devices
- Implement strict access controls to storage media and backups
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if integrity features are enabled on block devices: uname -r && ls -la /sys/block/*/integrity/
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version includes the fix commits and integrity buffers are zeroed during writes
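A scripted form of the "Check if Vulnerable" step, added here as an example and not part of the original advisory: it walks /sys/block/*/integrity/ and reports only the devices that have an integrity profile registered, since the directory can exist on devices that do not use integrity metadata. It assumes the kernel's standard block-integrity sysfs attributes (format, write_generate, read_verify); the SYSFS_ROOT override and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report block devices that use integrity metadata.
# SYSFS_ROOT is a hypothetical override so the functions can be pointed at a
# constructed directory tree; on a real host the default /sys is used.

# Print one line per device with an active integrity profile:
#   <dev> format=<f> write_generate=<w> read_verify=<r>
# Devices whose integrity/format reads "none" (no profile) are skipped.
list_integrity_devices() {
    root="${1:-${SYSFS_ROOT:-/sys}}"
    for dir in "$root"/block/*/integrity; do
        [ -d "$dir" ] || continue          # glob did not match anything
        dev=$(basename "$(dirname "$dir")")
        fmt=$(cat "$dir/format" 2>/dev/null || true)
        case "$fmt" in
            ""|none) continue ;;           # no integrity metadata on this device
        esac
        wg=$(cat "$dir/write_generate" 2>/dev/null || echo "?")
        rv=$(cat "$dir/read_verify" 2>/dev/null || echo "?")
        printf '%s format=%s write_generate=%s read_verify=%s\n' \
            "$dev" "$fmt" "$wg" "$rv"
    done
}

# Exit status 0 when at least one device uses integrity metadata (so the
# kernel version must be checked against the fix commits), 1 when none do.
integrity_in_use() {
    [ -n "$(list_integrity_devices "$1")" ]
}

# Report for the running host.
echo "kernel: $(uname -r)"
if integrity_in_use; then
    echo "integrity metadata in use on:"
    list_integrity_devices
else
    echo "no block device with an active integrity profile found"
fi
```

A device listed here only shows that the integrity path is in use; whether the running kernel carries the fix still has to be confirmed against the distribution's changelog for the commits listed above.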
📡 Detection & Monitoring
Log Indicators:
- Kernel logs showing integrity metadata operations
- Storage access patterns reading from integrity-protected devices
Network Indicators:
- N/A - local storage vulnerability
SIEM Query:
Search for kernel panic logs or integrity-related errors in system logs
🔗 References
- https://git.kernel.org/stable/c/129f95948a96105c1fad8e612c9097763e88ac5f
- https://git.kernel.org/stable/c/23a19655fb56f241e592041156dfb1c6d04da644
- https://git.kernel.org/stable/c/3fd11fe4f20756b4c0847f755a64cd96f8c6a005
- https://git.kernel.org/stable/c/899ee2c3829c5ac14bfc7d3c4a5846c0b709b78f
- https://git.kernel.org/stable/c/9f4af4cf08f9a0329ade3d938f55d2220c40d0a6
- https://git.kernel.org/stable/c/cf6b45ea7a8df0f61bded1dc4a8561ac6ad143d2
- https://git.kernel.org/stable/c/d418313bd8f55c079a7da12651951b489a638ac1
- https://git.kernel.org/stable/c/ebc0e91ba76dc6544fff9f5b66408b1982806a00
- https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html