CVE-2024-49860

7.1 HIGH

📋 TL;DR

CVE-2024-49860 is a Linux kernel vulnerability in the ACPI sysfs subsystem: the return type of the _STR method is not properly validated, which could lead to memory access violations. Attackers could potentially exploit this to cause kernel crashes or achieve local privilege escalation. All Linux systems using affected kernel versions are vulnerable.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected versions not explicitly stated in CVE description; typically affects multiple stable kernel versions before the fix commits.
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires ACPI subsystem to be enabled (common on most systems). The vulnerability is triggered when accessing ACPI sysfs entries that use the _STR method.
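
The missing return-type check, as a simplified user-space model added here for illustration (not the kernel's code). The type names, union layout and both functions are hypothetical stand-ins, and the description is treated as plain bytes rather than the encoded string a real _STR buffer holds.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified user-space stand-ins for ACPI object types (hypothetical names). */
enum fw_type { FW_INTEGER = 1, FW_STRING = 2, FW_BUFFER = 3 };

/* Tagged union: each member starts with `type`; the remaining fields overlap. */
union fw_object {
    enum fw_type type;
    struct { enum fw_type type; uint64_t value; } integer;
    struct { enum fw_type type; uint32_t length; const uint8_t *pointer; } buffer;
};

/* Pre-fix pattern: assumes the object is a buffer. For an integer object,
 * `length` and `pointer` are just the bytes the integer left behind, so the
 * copy would read from an address that was never a buffer pointer.
 * Shown for contrast; only called below after the type has been checked. */
int description_show_unchecked(const union fw_object *obj, char *out, size_t cap)
{
    size_t n = obj->buffer.length < cap - 1 ? obj->buffer.length : cap - 1;
    memcpy(out, obj->buffer.pointer, n);
    out[n] = '\0';
    return (int)n;
}

/* Hardened pattern: check the type tag before touching the buffer fields.
 * Returns bytes copied, or -1 when the object is not a usable buffer. */
int description_show_checked(const union fw_object *obj, char *out, size_t cap)
{
    if (obj == NULL || out == NULL || cap == 0)
        return -1;
    if (obj->type != FW_BUFFER || obj->buffer.pointer == NULL)
        return -1;
    return description_show_unchecked(obj, out, cap);
}

int main(void)
{
    /* Constructed sample objects: one valid buffer, one wrong-typed integer. */
    static const uint8_t text[] = "Constructed device description";
    union fw_object good = { .buffer = { FW_BUFFER, (uint32_t)(sizeof(text) - 1), text } };
    union fw_object bad = { .integer = { FW_INTEGER, 42 } };
    char out[64];

    printf("buffer  -> %d\n", description_show_checked(&good, out, sizeof(out)));
    printf("integer -> %d\n", description_show_checked(&bad, out, sizeof(out)));
    return 0;
}
```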

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Local privilege escalation leading to full system compromise, kernel panic causing system crashes, or information disclosure through memory access.

🟠 Likely Case

Kernel panic leading to denial of service (system crash/reboot) when malicious ACPI tables are loaded.

🟢 If Mitigated

System remains stable with proper kernel patches applied; unpatched systems risk crashes when accessing specific ACPI sysfs entries.

🌐 Internet-Facing: LOW - This requires local access to the system; cannot be exploited remotely over the network.
🏢 Internal Only: MEDIUM - Local users or processes could trigger the vulnerability, potentially leading to privilege escalation or denial of service.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and ability to load or modify ACPI tables, or trigger specific sysfs operations. No public exploit code is known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commits: 0cdfb9178a3bba843c95c2117c82c15f1a64b9ce, 2364b6af90c6b6d8a4783e0d3481ca80af699554, 4b081991c4363e072e1748efed0bbec8a77daba5, 4bb1e7d027413835b086aed35bc3f0713bc0f72b, 5c8d007c14aefc3f2ddf71e4c40713733dc827be

Vendor Advisory: https://git.kernel.org/stable/c/0cdfb9178a3bba843c95c2117c82c15f1a64b9ce

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution's repositories.
2. Reboot system to load new kernel.
3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Restrict ACPI sysfs access

linux

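Limit access to ACPI sysfs entries to prevent triggering the vulnerability. Permission changes made in sysfs do not persist across reboots, so they must be reapplied at each boot.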

chmod 600 /sys/firmware/acpi/*
chown root:root /sys/firmware/acpi/*

Disable ACPI sysfs if not needed

linux

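Prevent loading of ACPI sysfs module if system doesn't require it. Module blacklisting only affects code built as loadable modules; it has no effect on ACPI code compiled into the kernel image.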

echo 'blacklist acpi' >> /etc/modprobe.d/blacklist.conf
update-initramfs -u

🧯 If You Can't Patch

  • Implement strict access controls to limit local user privileges
  • Monitor system logs for kernel panic events related to ACPI

🔍 How to Verify

Check if Vulnerable:

Check the kernel version against your distribution's security advisories; determine whether ACPI sysfs is accessible and whether the running kernel lacks the fix commits.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes the fix commits; test accessing ACPI sysfs entries to ensure no crashes occur

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages in /var/log/kern.log or dmesg
  • ACPI-related error messages or segmentation faults

Network Indicators:

  • None - this is a local vulnerability

SIEM Query:

source="kern.log" AND ("kernel panic" OR "segmentation fault") AND ("ACPI" OR "_STR")
