CVE-2024-50114

7.8 HIGH

📋 TL;DR

This CVE describes a use-after-free vulnerability in the Linux kernel's KVM (Kernel-based Virtual Machine) subsystem for ARM64. When vCPU creation fails in specific error conditions, the kernel fails to properly unregister redistributor MMIO regions, leading to memory corruption when the VM is destroyed. This affects systems running Linux with KVM virtualization on ARM64 architecture.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Linux kernel versions containing commit 6bcc2890b883ba1d16b8942937750565f6e9db0d up to fix commit ae8f8b37610269009326f4318df161206c59843e
Operating Systems: Linux distributions with ARM64 support
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when KVM virtualization is enabled and used on ARM64 systems. Requires CONFIG_KVM=y and ARM64 architecture.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case: Kernel crash leading to denial of service, potential privilege escalation to kernel mode, or VM escape allowing guest-to-host attacks.

🟠 Likely Case: Kernel panic or system crash causing denial of service, potentially requiring physical reboot.

🟢 If Mitigated: No impact if systems are patched or don't use KVM virtualization on ARM64.

🌐 Internet-Facing: LOW - Requires local access to trigger via KVM operations.
🏢 Internal Only: MEDIUM - Can be exploited by users with KVM privileges on affected systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires ability to create/destroy VMs via KVM. Discovered through syzkaller fuzzing. No public exploits known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel with commit ae8f8b37610269009326f4318df161206c59843e

Vendor Advisory: https://git.kernel.org/stable/c/ae8f8b37610269009326f4318df161206c59843e

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing fix commit ae8f8b37610269009326f4318df161206c59843e.
2. Reboot system to load new kernel.

🔧 Temporary Workarounds

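Disable KVM on ARM64

Disable KVM virtualization support if not required. Run the commands below as root and reboot. Blacklisting only affects loadable modules; on ARM64, where KVM is built into the kernel (CONFIG_KVM=y, per the notes above), confirm after the reboot that /dev/kvm is absent, and if it is still present, disable KVM with the kvm-arm.mode=none kernel boot parameter on kernels that support it.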

echo 'blacklist kvm' >> /etc/modprobe.d/blacklist.conf
echo 'blacklist kvm_arm' >> /etc/modprobe.d/blacklist.conf

🧯 If You Can't Patch

  • Restrict KVM access to trusted users only via proper privilege separation
  • Monitor system logs for KVM-related crashes or suspicious VM creation patterns

🔍 How to Verify

Check if Vulnerable:

Check the kernel version with uname -r, and confirm the system is running on ARM64 with KVM enabled (check /proc/cpuinfo for ARM64).

Check Version:

uname -r

Verify Fix Applied:

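Verify that the kernel includes the fix commit. Run this in the git tree the running kernel was built from; --no-abbrev-commit is needed because --oneline otherwise prints abbreviated hashes that the full hash never matches: git log --oneline --no-abbrev-commit | grep 'ae8f8b37610269009326f4318df161206c59843e'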

📡 Detection & Monitoring

Log Indicators:

  • KASAN reports of use-after-free in kvm_put_kvm
  • Kernel panics during VM teardown
  • KVM-related crashes in dmesg

Network Indicators:

  • None - local vulnerability only

SIEM Query:

source="kernel" AND ("KASAN: slab-use-after-free" OR "kvm_put_kvm" OR "BUG: KASAN")
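
The query above ORs its terms, so any KASAN report matches it. As an added example (not part of the original advisory or of any vendor tooling), the script below groups kernel log lines into KASAN reports and keeps only use-after-free reports that involve kvm_put_kvm. It assumes dmesg-style timestamps; the sample log is constructed and example_driver_remove is a hypothetical symbol.

```python
import re

# Constructed sample kernel log for illustration; timestamps, offsets and
# task names are made up, and example_driver_remove is a hypothetical symbol.
SAMPLE_LOG = """\
[  101.000001] ==================================================================
[  101.000002] BUG: KASAN: slab-use-after-free in kvm_put_kvm+0x10/0x20
[  101.000003] Read of size 8 at addr ffff000000000000 by task vmm/4242
[  101.000004] Call trace:
[  101.000005]  kvm_put_kvm+0x10/0x20
[  101.000006]  kvm_vm_release+0x10/0x20
[  101.000007] ==================================================================
[  202.000001] ==================================================================
[  202.000002] BUG: KASAN: slab-use-after-free in example_driver_remove+0x10/0x20
[  202.000003] Call trace:
[  202.000004]  example_driver_remove+0x10/0x20
[  202.000005] ==================================================================
"""

TIMESTAMP = re.compile(r"^\[\s*\d+\.\d+\]\s?")             # dmesg-style prefix (assumed)
HEADER = re.compile(r"BUG: KASAN: (\S+) in (\S+?)\+")      # bug kind, faulting symbol
FRAME = re.compile(r"^\s*(\w+)\+0x[0-9a-f]+/0x[0-9a-f]+")  # one stack frame

def kasan_reports(log_text):
    """Yield one dict per KASAN report: header line up to the closing '=====' rule."""
    current = None
    for raw in log_text.splitlines():
        line = TIMESTAMP.sub("", raw)
        header = HEADER.search(line)
        if header:
            if current is not None:
                yield current  # previous report had no closing rule
            current = {"kind": header.group(1), "site": header.group(2), "frames": []}
        elif current is not None and line.startswith("====="):
            yield current
            current = None
        elif current is not None and (frame := FRAME.match(line)):
            current["frames"].append(frame.group(1))
    if current is not None:
        yield current  # log was truncated before the closing rule

def kvm_teardown_uaf(log_text):
    """Return only use-after-free reports whose fault site or stack includes kvm_put_kvm."""
    return [r for r in kasan_reports(log_text)
            if "use-after-free" in r["kind"]
            and "kvm_put_kvm" in [r["site"], *r["frames"]]]

if __name__ == "__main__":
    for report in kvm_teardown_uaf(SAMPLE_LOG):
        print(report["kind"], "at", report["site"], "via", " <- ".join(report["frames"]))
```

On the constructed log, both reports would match the query, but only the first is returned here.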
