CVE-2024-56677

5.5 MEDIUM

📋 TL;DR

A Linux kernel vulnerability in the PowerPC fadump (firmware-assisted dump) feature causes improper memory alignment during CMA (Contiguous Memory Allocator) initialization, leading to a kernel panic. This affects systems running Linux kernels with PowerPC architecture and fadump enabled. The vulnerability can cause system crashes during boot or memory management operations.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected versions not explicitly stated in CVE, but patches exist in stable kernel trees (see references). Likely affects multiple recent versions before fixes.
Operating Systems: Linux distributions running on PowerPC architecture
Default Config Vulnerable: ✅ No
Notes: Only affects systems with PowerPC architecture and fadump (firmware-assisted dump) feature enabled. Most x86/x64 systems are not affected.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case

System crashes with kernel panic during boot or memory operations, causing denial of service and potential data loss in crash dump scenarios.

🟠 Likely Case

System instability or crashes during boot when fadump is configured, particularly on PowerPC systems with specific memory configurations.

🟢 If Mitigated

No impact if fadump is disabled or systems don't use PowerPC architecture.

🌐 Internet-Facing: LOW - Requires local access or specific kernel configuration to trigger.
🏢 Internal Only: MEDIUM - Can affect PowerPC servers and systems with fadump enabled, potentially causing service disruptions.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploitation requires specific system configuration (PowerPC with fadump) and likely local access. This appears to be a stability bug rather than a security vulnerability with remote exploitation potential.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patches available in stable kernel trees (see git.kernel.org references). Specific kernel versions with fixes: check commit hashes provided.

Vendor Advisory: https://git.kernel.org/stable/c/05b94cae1c47f94588c3e7096963c1007c4d9c1d

Restart Required: Yes

Instructions:

1. Update to a patched Linux kernel version containing the fix.
2. For PowerPC systems: ensure you're using a kernel with commit 05b94cae1c47f94588c3e7096963c1007c4d9c1d or later.
3. Reboot the system after the kernel update.

🔧 Temporary Workarounds

Disable fadump

linux

Disable firmware-assisted dump feature to avoid the vulnerable code path.

echo 0 > /sys/kernel/fadump/registered   # unregister fadump at runtime; /sys/kernel/fadump/enabled is a read-only status file
Add 'fadump=off' to kernel boot parameters

🧯 If You Can't Patch

  • Disable fadump feature on PowerPC systems
  • Avoid using CMA memory allocations on affected PowerPC systems

🔍 How to Verify

Check if Vulnerable:

Check if system is PowerPC architecture and fadump is enabled: 'uname -m' should show ppc* and check /sys/kernel/fadump/enabled

Check Version:

uname -r

Verify Fix Applied:

Check kernel version includes fix commits: 'uname -r' and verify with distribution patch notes. Check git log for commit 05b94cae1c47f94588c3e7096963c1007c4d9c1d

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages with 'VM_BUG_ON_PAGE(pfn & ((1 << order) - 1))'
  • System crash during boot with CMA-related errors
  • Messages about fadump initialization failures

Network Indicators:

  • None - this is a local kernel issue

SIEM Query:

Search for kernel logs containing: 'VM_BUG_ON_PAGE' AND ('CMA' OR 'fadump')
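
The exposure check from "How to Verify" and the log indicators above, combined into one script as an added example (not part of the original advisory or any vendor tooling). The function names and the sample log excerpt are constructed; the script counts the alignment assertion as a match only when the same log also mentions fadump or CMA.

```shell
#!/bin/sh
# Added example: exposure check and boot-log triage for CVE-2024-56677.
# Function names and sample data are constructed for illustration.

# classify_exposure ARCH FADUMP_ENABLED
#   ARCH: output of `uname -m`
#   FADUMP_ENABLED: contents of /sys/kernel/fadump/enabled ("" if absent)
classify_exposure() {
    case "$1" in
        ppc*) ;;
        *) echo "not-affected: architecture $1 is not PowerPC"; return 0 ;;
    esac
    if [ "$2" = "1" ]; then
        echo "exposed: PowerPC with fadump enabled, confirm the kernel carries the fix"
    else
        echo "not-exposed: PowerPC but fadump is not enabled"
    fi
}

# triage_log: read kernel log text on stdin and print
#   match        alignment assertion present and fadump/CMA mentioned
#   assert-only  assertion present without fadump/CMA context
#   none         assertion string not found
# The "cma" test is a plain substring match, so review hits by hand.
triage_log() {
    awk '
        index($0, "VM_BUG_ON_PAGE(pfn & ((1 << order) - 1))") { bug = 1 }
        tolower($0) ~ /fadump|cma/                             { ctx = 1 }
        END {
            if (bug && ctx) print "match"
            else if (bug)   print "assert-only"
            else            print "none"
        }'
}

# Constructed boot-log excerpt (not captured from a real system).
sample_log() {
    cat <<'EOF'
[    0.000000] fadump: Initialized 0x40000000 bytes cma area
[    0.412345] page dumped because: VM_BUG_ON_PAGE(pfn & ((1 << order) - 1))
[    0.412399] Kernel panic - not syncing: Fatal exception
EOF
}

# Live check on the local host, then triage of the constructed sample.
enabled=$(cat /sys/kernel/fadump/enabled 2>/dev/null || true)
classify_exposure "$(uname -m)" "$enabled"
echo "sample log triage: $(sample_log | triage_log)"
```

To triage a real host, pipe a saved console or boot log into `triage_log` in place of `sample_log`.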

🔗 References
