CVE-2024-53142

7.8 HIGH

📋 TL;DR

A buffer overrun in the Linux kernel's handling of filenames in initramfs cpio archives allows a specially crafted archive to create files whose names carry trailing characters from uninitialized memory. This affects Linux systems that boot with an initramfs, though exploitation requires control over how the initramfs is built. The impact is limited by the fact that injecting malicious entries into an initramfs already requires significant system access.

💻 Affected Systems

Products:
  • Linux Kernel
Versions: Multiple stable versions before fixes in commits 1a423bbbeaf9e3e20c4686501efd9b661fe834db and others
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using initramfs; embedded systems or those with custom init may not be vulnerable.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case: An attacker with the ability to modify the initramfs could create files with unpredictable names containing memory artifacts, potentially leading to privilege escalation or system instability.

🟠 Likely Case: Limited impact, since creating a malicious initramfs requires root or equivalent access, making this primarily a local integrity issue.

🟢 If Mitigated: Minimal impact where proper access controls prevent unauthorized initramfs modification.

🌐 Internet-Facing: LOW - Requires local access or ability to modify initramfs, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Could be leveraged by attackers with existing local access to create unpredictable file artifacts.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

A proof-of-concept script is provided in the CVE description; exploitation requires the ability to modify the initramfs, which typically requires elevated privileges.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions with commits 1a423bbbeaf9e3e20c4686501efd9b661fe834db, 49d01e736c3045319e030d1e75fb983011abaca7, 6983b8ac787b3add5571cda563574932a59a99bb, bb7ac96670ab1d8d681015f9d66e45dad579af4d, c509b1acbd867d9e09580fe059a924cb5825afb1

Vendor Advisory: https://git.kernel.org/stable/c/1a423bbbeaf9e3e20c4686501efd9b661fe834db

Restart Required: Yes

Instructions:

1. Update the Linux kernel to a patched version from your distribution's repositories.
2. Rebuild the initramfs if needed.
3. Reboot the system to load the new kernel.

🔧 Temporary Workarounds

Restrict initramfs modification

linux

Prevent unauthorized users from modifying initramfs files (Debian-based systems name the image /boot/initrd.img-* rather than /boot/initramfs-*, so adjust the glob accordingly):

chmod 600 /boot/initramfs-*
chown root:root /boot/initramfs-*

Use signed initramfs

linux

Implement Secure Boot with signed initramfs verification

Configure UEFI Secure Boot with kernel and initramfs signing. Note that a plain UEFI Secure Boot chain verifies the kernel image but not a separately loaded initramfs; the initramfs is only covered when it is embedded in the signed image (for example a Unified Kernel Image) or the bootloader verifies it explicitly.

🧯 If You Can't Patch

  • Implement strict access controls on /boot directory and initramfs files
  • Monitor for unauthorized initramfs modifications using file integrity monitoring

🔍 How to Verify

Check if Vulnerable:

Compare the running kernel version with the patched versions for your distribution; optionally inspect the initramfs contents for file names matching the public PoC.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes fix commits; test with reproducer script to ensure no file creation

📡 Detection & Monitoring

Log Indicators:

  • Unexpected file creations in root filesystem during boot
  • Kernel panic or errors during initramfs extraction

Network Indicators:

  • None - local vulnerability only

SIEM Query:

File creation events for patterns matching 'initramfs_test_fname_overrun*' or unexpected files during system boot
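As an added example (not code from the CVE page, the reporter, or the kernel tree), the following Python validator serves both the "inspect the initramfs" step under How to Verify and the filename pattern in the SIEM query: it walks a newc cpio archive, flags any entry whose name field is not NUL-terminated (the malformed input behind this CVE), and flags names matching the public PoC pattern. The sample archive is constructed inline; the field layout and the build_entry helper follow the standard newc format and are assumptions of this example, not anything taken from the page.

```python
import re
# Added example (not code from the CVE page or the kernel): validates newc
# ("070701") cpio entries, the initramfs format behind CVE-2024-53142.
NEWC_MAGIC = b"070701"
HEADER_LEN = 110  # 6-byte magic + 13 fields of 8 hex digits
POC_NAME_RE = re.compile(rb"initramfs_test_fname_overrun")  # pattern from SIEM query

def _align4(n: int) -> int:
    return (n + 3) & ~3

def build_entry(name: bytes, data: bytes = b"", mode: int = 0o100644,
                nul_terminate: bool = True) -> bytes:
    """Encode one newc entry; nul_terminate=False yields a malformed fixture."""
    name_field = name + (b"\0" if nul_terminate else b"")
    fields = [1, mode, 0, 0, 1, 0, len(data), 0, 0, 0, 0, len(name_field), 0]
    body = NEWC_MAGIC + b"".join(b"%08x" % f for f in fields) + name_field
    body += b"\0" * (_align4(len(body)) - len(body))  # pad header+name to 4
    return body + data + b"\0" * (_align4(len(data)) - len(data))  # pad data

def scan_newc(archive: bytes) -> list:
    """Walk the archive and return (offset, name, reason) findings."""
    findings, off = [], 0
    while off + HEADER_LEN <= len(archive):
        hdr = archive[off:off + HEADER_LEN]
        if hdr[:6] != NEWC_MAGIC:
            findings.append((off, b"", "bad magic: not newc or truncated"))
            break
        f = [int(hdr[6 + 8 * i:14 + 8 * i], 16) for i in range(13)]
        filesize, namesize = f[6], f[11]
        name_field = archive[off + HEADER_LEN:off + HEADER_LEN + namesize]
        if len(name_field) != namesize:
            findings.append((off, name_field, "name field past end of archive"))
            break
        # c_namesize must include the final NUL; a name field whose last
        # byte is not NUL is the malformed input that overran the filename.
        if namesize == 0 or name_field[-1] != 0:
            findings.append((off, name_field, "filename not NUL-terminated"))
        name = name_field.split(b"\0", 1)[0]
        if POC_NAME_RE.search(name):
            findings.append((off, name, "matches public PoC filename pattern"))
        if name == b"TRAILER!!!":
            break
        off = _align4(off + HEADER_LEN + namesize) + _align4(filesize)
    return findings

# Constructed sample: one well-formed entry, one malformed, then the trailer.
SAMPLE = (build_entry(b"etc/hostname", b"host\n")
          + build_entry(b"initramfs_test_fname_overrun", nul_terminate=False)
          + build_entry(b"TRAILER!!!"))
```

Real initramfs images are usually compressed (gzip, xz or zstd) and may be several cpio segments concatenated; decompress each segment first and scan it separately.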
