CVE-2024-56662
📋 TL;DR
This CVE describes an out-of-bounds read vulnerability in the Linux kernel's ACPI NFIT driver. Attackers could exploit this to read kernel memory, potentially leaking sensitive information or causing system instability. Systems running vulnerable Linux kernel versions with ACPI NFIT support are affected.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel memory disclosure leading to privilege escalation, system crash, or information leakage of sensitive kernel data.
Likely Case
System instability, kernel panic, or information disclosure of non-sensitive kernel memory.
If Mitigated
Minimal impact with proper kernel hardening and access controls in place.
🎯 Exploit Status
Requires local access or ability to pass specially crafted ACPI tables to the kernel.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patched in stable kernel versions via commits referenced in CVE
Vendor Advisory: https://git.kernel.org/stable/c/143f723e9eb4f0302ffb7adfdc7ef77eab3f68e0
Restart Required: Yes
Instructions:
1. Update to latest stable kernel version containing the fix. 2. Reboot system to load new kernel. 3. Verify kernel version after reboot.
🔧 Temporary Workarounds
Disable ACPI NFIT support
linuxRemove or disable NFIT module to prevent exploitation
echo 'blacklist nfit' > /etc/modprobe.d/blacklist-nfit.conf
rmmod nfit
🧯 If You Can't Patch
- Restrict physical and privileged access to systems
- Implement strict access controls and monitoring for kernel module loading
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if NFIT module is loaded: lsmod | grep nfitCheck Version:
uname -rVerify Fix Applied:
Verify kernel version is patched and NFIT module functions normally📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs
- KASAN error messages related to vmalloc-out-of-bounds
Network Indicators:
- None - local vulnerability
SIEM Query:
source="kernel" AND ("KASAN" OR "vmalloc-out-of-bounds" OR "nfit")🔗 References
- https://git.kernel.org/stable/c/143f723e9eb4f0302ffb7adfdc7ef77eab3f68e0
- https://git.kernel.org/stable/c/212846fafb753a48e869e2a342fc1e24048da771
- https://git.kernel.org/stable/c/265e98f72bac6c41a4492d3e30a8e5fd22fe0779
- https://git.kernel.org/stable/c/616aa5f3c86e0479bcbb81e41c08c43ff32af637
- https://git.kernel.org/stable/c/bbdb3307f609ec4dc9558770f464ede01fe52aed
- https://git.kernel.org/stable/c/e08dc2dc3c3f7938df0e4476fe3e6fdec5583c1d
- https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
