CVE-2024-44969
📋 TL;DR
A memory management vulnerability in the Linux kernel's s390/sclp component where interrupted Store Data operations could lead to memory leaks if hardware/firmware malfunctions occur during halt attempts. This affects Linux systems running on IBM s390 architecture. The vulnerability could allow limited memory exhaustion under specific hardware failure conditions.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Sustained memory leak leading to kernel memory exhaustion, system instability, or denial of service on s390 systems with repeated hardware/firmware malfunctions.
Likely Case
Minor memory leak of a few pages during rare hardware/firmware malfunction events, with minimal operational impact.
If Mitigated
No impact if hardware functions normally or systems are patched.
🎯 Exploit Status
Exploitation requires local access, ability to trigger specific hardware/firmware malfunctions, and repeated triggering of the vulnerable condition.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patches available in stable kernel trees (commits referenced in CVE)
Vendor Advisory: https://git.kernel.org/stable/c/1e8b7fb427af6b2ddd54eff66a6b428a81c96633
Restart Required: Yes
Instructions:
1. Update to latest stable Linux kernel version containing the fix. 2. For distributions: Use package manager (apt/yum/zypper) to update kernel package. 3. Reboot system to load new kernel.
🔧 Temporary Workarounds
No practical workaround
linuxNo configuration-based workaround available due to kernel-level nature of vulnerability.
🧯 If You Can't Patch
- Monitor system memory usage on s390 systems for unusual patterns
- Implement strict access controls to limit who can run processes on s390 systems
🔍 How to Verify
Check if Vulnerable:
Check kernel version and architecture: uname -a should show s390 architecture and kernel version before patchesCheck Version:
uname -rVerify Fix Applied:
Verify kernel version includes the fix commits or is newer than patched versions📡 Detection & Monitoring
Log Indicators:
- Kernel oops messages related to sclp or memory allocation failures
- System log entries showing abnormal memory consumption on s390 systems
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("sclp" OR "memory allocation failure") AND host_arch="s390"🔗 References
- https://git.kernel.org/stable/c/1e8b7fb427af6b2ddd54eff66a6b428a81c96633
- https://git.kernel.org/stable/c/1ec5ea9e25f582fd6999393e2f2c3bf56f234e05
- https://git.kernel.org/stable/c/2429ea3b4330e3653b72b210a0d5f2a717359506
- https://git.kernel.org/stable/c/46f67233b011385d53cf14d272431755de3a7c79
- https://git.kernel.org/stable/c/7a7e60ed23d471a07dbbe72565d2992ee8244bbe
- https://git.kernel.org/stable/c/a3e52a4c22c846858a6875e1c280030a3849e148
- https://git.kernel.org/stable/c/a88a49473c94ccfd8dce1e766aacf3c627278463
- https://git.kernel.org/stable/c/bf365071ea92b9579d5a272679b74052a5643e35
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
