CVE-2024-49962
📋 TL;DR
This CVE describes a NULL pointer dereference vulnerability in the Linux kernel's ACPICA subsystem. If the ACPI_ALLOCATE_ZEROED() memory allocation fails in the acpi_db_convert_to_package() function, subsequent code attempts to access the NULL pointer, causing a kernel panic or system crash. This affects systems running vulnerable Linux kernel versions with ACPI functionality enabled.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to complete system crash and denial of service, potentially requiring physical access to restart affected systems.
Likely Case
System crash or kernel panic when specific ACPI operations are performed, resulting in temporary denial of service until system reboot.
If Mitigated
No impact if the vulnerable code path is not triggered or if proper memory allocation succeeds.
🎯 Exploit Status
Exploitation requires triggering specific ACPI operations that cause memory allocation failure, which may be difficult to reliably achieve.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commit 4d4547cf13cca820ff7e0f859ba83e1a610b9fd0 or later
Vendor Advisory: https://git.kernel.org/stable/c/1c9b8775062f8d854a80caf186af57fc617d454c
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution's repositories. 2. Reboot system to load new kernel. 3. Verify kernel version after reboot.
🔧 Temporary Workarounds
Disable ACPI debugging
linuxPrevent triggering of vulnerable code path by disabling ACPI debugging functionality
echo 0 > /sys/module/acpi/parameters/debug_level
🧯 If You Can't Patch
- Restrict local user access to systems to reduce attack surface
- Monitor system logs for kernel panic events and ACPI-related errors
🔍 How to Verify
Check if Vulnerable:
Check kernel version and compare with distribution security advisories; examine if ACPI debugging is enabledCheck Version:
uname -rVerify Fix Applied:
Verify kernel version after update matches patched version; check that system doesn't crash during ACPI operations📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- NULL pointer dereference errors in kernel logs
- ACPI subsystem crash logs
Network Indicators:
- None - this is a local vulnerability
SIEM Query:
source="kernel" AND ("NULL pointer dereference" OR "kernel panic" OR "ACPI error")🔗 References
- https://git.kernel.org/stable/c/1c9b8775062f8d854a80caf186af57fc617d454c
- https://git.kernel.org/stable/c/402b4c6b7500c7cca6972d2456a4a422801035b5
- https://git.kernel.org/stable/c/4588ea78d3904bebb613b0bb025669e75800f546
- https://git.kernel.org/stable/c/4669da66ebc5b09881487f30669b0fcdb462188e
- https://git.kernel.org/stable/c/a5242874488eba2b9062985bf13743c029821330
- https://git.kernel.org/stable/c/a907c113a8b66972f15f084d7dff960207b1f71d
- https://git.kernel.org/stable/c/ae5d4c7e76ba393d20366dfea1f39f24560ffb1d
- https://git.kernel.org/stable/c/cbb67e245dacd02b5e1d82733892647df1523982
- https://git.kernel.org/stable/c/f282db38953ad71dd4f3f8877a4e1d37e580e30a
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
