CVE-2024-56765
📋 TL;DR
A use-after-free vulnerability in the Linux kernel's PowerPC pSeries VAS (Virtual Accelerator Switchboard) subsystem allows local attackers to cause memory corruption. The issue occurs when a VAS window's paste address mapping is unmapped via munmap() without updating the VMA pointer, leading to invalid memory access during migration. This affects Linux systems running on IBM PowerPC pSeries hardware with VAS enabled.
💻 Affected Systems
- Linux Kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Local privilege escalation to kernel-level code execution, system crash, or data corruption leading to complete system compromise.
Likely Case
Kernel panic or system crash causing denial of service, potentially allowing local privilege escalation in combination with other vulnerabilities.
If Mitigated
Limited to denial of service if exploit attempts are detected and contained by security controls.
🎯 Exploit Status
Exploitation requires local access and knowledge of VAS subsystem usage. The KASAN report shows the crash occurs during migration operations.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits: 05aa156e156ef3168e7ab8a68721945196495c17, 6d9cd27105459f169993a4c5f216499a946dbf34, 8b2282b5084521254a2cd9742a3f4e1d5b77f843, b7f60ffdfd96f8fc826f1d61a1c6067d828e20b9
Vendor Advisory: https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits. 2. For distributions: Use package manager (apt/yum/dnf) to update kernel package. 3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable VAS functionality
LinuxDisable the Virtual Accelerator Switchboard subsystem if not required
echo 'blacklist vas' >> /etc/modprobe.d/blacklist.conf
reboot
🧯 If You Can't Patch
- Restrict local user access to systems with VAS enabled
- Implement strict access controls and monitoring for PowerPC pSeries systems
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if running on PowerPC pSeries: uname -r && cat /proc/cpuinfo | grep -i powerCheck Version:
uname -rVerify Fix Applied:
Verify kernel version includes fix commits: git log --oneline | grep -E '05aa156e156e|6d9cd2710545|8b2282b50845|b7f60ffdfd96'📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- KASAN reports of use-after-free in reconfig_close_windows
- drmgr process crashes during migration
Network Indicators:
- None - local vulnerability only
SIEM Query:
process.name:drmgr AND (event.action:crash OR log.level:panic)🔗 References
- https://git.kernel.org/stable/c/05aa156e156ef3168e7ab8a68721945196495c17
- https://git.kernel.org/stable/c/6d9cd27105459f169993a4c5f216499a946dbf34
- https://git.kernel.org/stable/c/8b2282b5084521254a2cd9742a3f4e1d5b77f843
- https://git.kernel.org/stable/c/b7f60ffdfd96f8fc826f1d61a1c6067d828e20b9
- https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
