CVE-2024-48876
📋 TL;DR
A race condition vulnerability in the Linux kernel's stackdepot subsystem could cause deadlock when stack_depot_save_flags() is called from NMI (Non-Maskable Interrupt) context with STACK_DEPOT_FLAG_CAN_ALLOC disabled. This affects Linux systems where stack tracing is enabled and NMIs occur while pool_lock is held, potentially causing system hangs or crashes.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
System deadlock leading to kernel panic, system crash, or denial of service requiring physical reboot.
Likely Case
System instability, occasional hangs, or performance degradation when NMIs occur during stack trace operations.
If Mitigated
Minor performance impact or failed stack trace collection in NMI context without system disruption.
🎯 Exploit Status
This is a reliability/DoS issue rather than a privilege escalation or code execution vulnerability.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patches available in stable kernel trees via provided git commits
Vendor Advisory: https://git.kernel.org/stable/c/031e04bdc834cda3b054ef6b698503b2b97e8186
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing fixes 2. Reboot system 3. Verify kernel version after reboot
🔧 Temporary Workarounds
Disable stackdepot
linuxDisable CONFIG_STACKDEPOT kernel configuration to avoid the vulnerable code path
Rebuild kernel with CONFIG_STACKDEPOT=n
Reduce NMI frequency
linuxConfigure system to minimize Non-Maskable Interrupts where possible
Check /proc/interrupts for NMI counts
Adjust hardware/perf monitoring settings
🧯 If You Can't Patch
- Monitor system for unexplained hangs or crashes and maintain current backups
- Isolate affected systems from critical production workloads where possible
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if stackdepot is enabled: grep CONFIG_STACKDEPOT /boot/config-$(uname -r)Check Version:
uname -rVerify Fix Applied:
Verify kernel version is updated and system stability during stress/performance testing📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs
- System hang/crash reports in /var/log/messages or journalctl
- NMI watchdog timeouts
Network Indicators:
- None - this is a local kernel issue
SIEM Query:
Search for: 'kernel panic', 'NMI', 'deadlock', 'stackdepot' in system logs