CVE-2024-57838
📋 TL;DR
This CVE addresses a Linux kernel stack depot exhaustion vulnerability on s390 architecture systems. When PREEMPT and KASAN are enabled, missing IRQ entry markers can cause stack depot capacity warnings and potential system instability. It affects only Linux systems running on s390 architecture with specific kernel configurations.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
System instability or denial of service due to stack depot exhaustion, potentially causing kernel panics or system crashes.
Likely Case
Kernel warnings about stack depot capacity, possible performance degradation, but no direct security compromise.
If Mitigated
Minor performance impact from stack trace collection, no security impact.
🎯 Exploit Status
Exploitation requires local access, a specific kernel configuration (PREEMPT+KASAN), and s390 architecture. More of a stability issue than a security vulnerability.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patches available in stable kernel branches (commits: 1af22528fee8072b7adc007b8ca49cc4ea62689e, 45c9f2b856a075a34873d00788d2e8a250c1effd, 473ffae3030188f1c6b80e1b3631a26b4adf7b32, 5bb7a2c3afcf8732dc65ea49c09147b07da1d993)
Vendor Advisory: https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution.
2. For s390 systems: Apply kernel patches that move IO/EXT interrupt handlers to .irqentry.text section.
3. Reboot system after kernel update.
🔧 Temporary Workarounds
Disable KASAN and PREEMPT
s390: Disable kernel address sanitizer and preemptive kernel features to avoid triggering the stack depot issue
Rebuild kernel with CONFIG_KASAN=n and CONFIG_PREEMPT=n
🧯 If You Can't Patch
- Monitor system logs for stack depot warnings and restart affected systems if warnings appear
- Consider migrating workloads from s390 to other architectures if possible
🔍 How to Verify
Check if Vulnerable:
Check whether the system is running on s390 architecture with PREEMPT and KASAN enabled: 'uname -m' should show s390, and the kernel config should contain CONFIG_PREEMPT=y and CONFIG_KASAN=y
Check Version:
uname -r
Verify Fix Applied:
Check kernel version after update and verify no stack depot warnings in dmesg: 'dmesg | grep -i "stack depot"'
📡 Detection & Monitoring
Log Indicators:
- Stack depot reached limit capacity warnings in kernel logs
- WARNING: CPU: 0 PID: at lib/stackdepot.c:252 depot_alloc_stack
Network Indicators:
- None - local kernel issue only
SIEM Query:
source="kernel" AND "stack depot" AND "limit capacity"
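The verification and log checks above can be scripted. The following is an added example, not code from the kernel project or the advisory; the function names, the sample config and log lines (all constructed) and the live-use paths in the closing comment are assumptions.

```shell
#!/bin/sh
# Added example for CVE-2024-57838: exposure and log checks (not vendor code).

# exposed ARCH CONFIG_FILE: exit 0 only if all three conditions from the page
# hold: s390 architecture, CONFIG_PREEMPT=y and CONFIG_KASAN=y.
exposed() {
    case "$1" in
        s390*) ;;            # 64-bit systems report s390x from `uname -m`
        *) return 1 ;;
    esac
    # Anchored matches: "# CONFIG_KASAN is not set" and CONFIG_PREEMPT_NONE=y
    # must not count as enabled.
    grep -q '^CONFIG_PREEMPT=y$' "$2" && grep -q '^CONFIG_KASAN=y$' "$2"
}

# depot_warnings LOG_FILE: print how many lines match the page's log indicators.
depot_warnings() {
    grep -c -i -e 'stack depot reached limit capacity' \
        -e 'lib/stackdepot\.c.*depot_alloc_stack' "$1" || true
}

# Constructed sample inputs (not captured from a real system).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' 'CONFIG_PREEMPT=y' 'CONFIG_KASAN=y' 'CONFIG_KASAN_GENERIC=y' \
    > "$tmp/debug.config"
printf '%s\n' 'CONFIG_PREEMPT_NONE=y' '# CONFIG_PREEMPT is not set' \
    '# CONFIG_KASAN is not set' > "$tmp/prod.config"
printf '%s\n' '[   12.000000] Stack depot reached limit capacity' \
    '[   12.000001] WARNING: CPU: 0 PID: 1 at lib/stackdepot.c:252 depot_alloc_stack+0x0/0x0' \
    '[   13.000000] systemd[1]: Started constructed unit.' > "$tmp/kernel.log"

for cfg in debug prod; do
    if exposed s390x "$tmp/$cfg.config"; then
        echo "$cfg.config on s390x: exposed"
    else
        echo "$cfg.config on s390x: not exposed"
    fi
done
echo "warnings in sample log: $(depot_warnings "$tmp/kernel.log")"

# Live use (paths are assumptions that vary by distribution):
#   exposed "$(uname -m)" "/boot/config-$(uname -r)"
#   dmesg > /tmp/dmesg.txt && depot_warnings /tmp/dmesg.txt
```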
🔗 References
- https://git.kernel.org/stable/c/1af22528fee8072b7adc007b8ca49cc4ea62689e
- https://git.kernel.org/stable/c/45c9f2b856a075a34873d00788d2e8a250c1effd
- https://git.kernel.org/stable/c/473ffae3030188f1c6b80e1b3631a26b4adf7b32
- https://git.kernel.org/stable/c/5bb7a2c3afcf8732dc65ea49c09147b07da1d993
- https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html