CVE-2024-56742
📋 TL;DR
This CVE describes a memory leak vulnerability in the Linux kernel's vfio/mlx5 driver. When the mlx5vf_add_migration_pages() function fails to add allocated pages to the scatter-gather table, it doesn't properly free those pages, leading to memory exhaustion over time. This affects systems using the vfio/mlx5 driver for NVIDIA/Mellanox device passthrough.
💻 Affected Systems
- Linux kernel with vfio/mlx5 driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Sustained exploitation could lead to kernel memory exhaustion, causing system instability, denial of service, or potential kernel crashes.
Likely Case
Gradual memory consumption leading to performance degradation and eventual system instability requiring reboot.
If Mitigated
Minimal impact with proper monitoring and memory limits in place.
🎯 Exploit Status
Requires local access and ability to trigger the specific error condition in the migration pages allocation path.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check kernel versions containing commits: 22e87bf3f77c18f5982c19ffe2732ef0c7a25f16, 769fe4ce444b646b0bf6ac308de80686c730c7df, c44f1b2ddfa81c8d7f8e9b6bc76c427bc00e69d5
Vendor Advisory: https://git.kernel.org/stable/c/22e87bf3f77c18f5982c19ffe2732ef0c7a25f16
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version. 2. Reboot system. 3. Verify kernel version with 'uname -r'. 4. Check if vfio/mlx5 module is loaded with 'lsmod | grep mlx5'.
🔧 Temporary Workarounds
Disable vfio/mlx5 driver
linuxPrevent loading of vulnerable driver module
echo 'blacklist mlx5_vfio' >> /etc/modprobe.d/blacklist.conf
rmmod mlx5_vfio
Limit memory usage
linuxSet memory limits to contain potential memory exhaustion
sysctl -w vm.overcommit_memory=2
sysctl -w vm.overcommit_ratio=50
🧯 If You Can't Patch
- Monitor system memory usage closely for abnormal consumption patterns.
- Restrict access to virtualization features and device passthrough capabilities to trusted users only.
🔍 How to Verify
Check if Vulnerable:
Check kernel version and verify if vfio/mlx5 driver is loaded: 'lsmod | grep mlx5_vfio'Check Version:
uname -rVerify Fix Applied:
Verify kernel version contains the fix commits and test vfio/mlx5 functionality.📡 Detection & Monitoring
Log Indicators:
- Kernel OOM (Out of Memory) messages in dmesg
- Abnormal memory consumption in system logs
- vfio/mlx5 driver error messages
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("out of memory" OR "OOM" OR "mlx5_vfio")