CVE-2024-49975
📋 TL;DR
This CVE-2024-49975 is a kernel information leak vulnerability in the Linux kernel's uprobes subsystem. It allows uninitialized memory to be mapped into userspace, potentially exposing sensitive kernel data. Any system running an affected Linux kernel version with uprobes enabled is vulnerable.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
An attacker could read sensitive kernel memory contents, potentially exposing cryptographic keys, process memory, or other privileged information that could lead to further exploitation.
Likely Case
Information disclosure of kernel memory contents, which could aid attackers in developing more sophisticated exploits or bypassing security mechanisms.
If Mitigated
Limited impact with proper kernel hardening and minimal information exposure if the vulnerability is patched or workarounds are applied.
🎯 Exploit Status
Exploitation requires local access and ability to interact with uprobes functionality. The vulnerability is an information leak rather than direct code execution.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patches available in stable kernel trees (commits: 21cb47db1ec9765f91304763a24565ddc22d2492, 24141df5a8615790950deedd926a44ddf1dfd6d8, 2aa45f43709ba2082917bd2973d02687075b6eee, 34820304cc2cd1804ee1f8f3504ec77813d29c8e, 5b981d8335e18aef7908a068529a3287258ff6d8)
Vendor Advisory: https://git.kernel.org/stable/c/21cb47db1ec9765f91304763a24565ddc22d2492
Restart Required: Yes
Instructions:
1. Update to a patched kernel version from your distribution's repositories. 2. Reboot the system to load the new kernel. 3. Verify the kernel version after reboot.
🔧 Temporary Workarounds
Disable uprobes
linuxDisable the uprobes subsystem to prevent exploitation of this vulnerability
echo 0 > /sys/kernel/debug/tracing/uprobe_profile
modprobe -r uprobes
🧯 If You Can't Patch
- Restrict access to debugfs and tracing interfaces to privileged users only
- Implement strict access controls and monitoring for local users who could potentially exploit this vulnerability
🔍 How to Verify
Check if Vulnerable:
Check kernel version and compare with patched versions from distribution vendor. Check if uprobes module is loaded: lsmod | grep uprobesCheck Version:
uname -rVerify Fix Applied:
Verify kernel version after update and ensure uprobes module functions correctly if needed for debugging📡 Detection & Monitoring
Log Indicators:
- Unusual access to /sys/kernel/debug/tracing interfaces
- Suspicious uprobes-related system calls
Network Indicators:
- Not applicable - local vulnerability
SIEM Query:
Process monitoring for access to debugfs/tracing interfaces by non-privileged users🔗 References
- https://git.kernel.org/stable/c/21cb47db1ec9765f91304763a24565ddc22d2492
- https://git.kernel.org/stable/c/24141df5a8615790950deedd926a44ddf1dfd6d8
- https://git.kernel.org/stable/c/2aa45f43709ba2082917bd2973d02687075b6eee
- https://git.kernel.org/stable/c/34820304cc2cd1804ee1f8f3504ec77813d29c8e
- https://git.kernel.org/stable/c/5b981d8335e18aef7908a068529a3287258ff6d8
- https://git.kernel.org/stable/c/9634e8dc964a4adafa7e1535147abd7ec29441a6
- https://git.kernel.org/stable/c/f31f92107e5a8ecc8902705122c594e979a351fe
- https://git.kernel.org/stable/c/f561b48d633ac2e7d0d667020fc634a96ade33a0
- https://git.kernel.org/stable/c/fe5e9182d3e227476642ae2b312e2356c4d326a3
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
