CVE-2024-57872
📋 TL;DR
This CVE describes a memory leak vulnerability in the Linux kernel's UFS (Universal Flash Storage) driver. When removing the UFS host controller platform device, the driver fails to properly deallocate the HBA (Host Bus Adapter), leading to memory that should be freed remaining allocated. This affects systems using UFS storage with vulnerable Linux kernel versions.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Sustained memory exhaustion leading to system instability, crashes, or denial of service conditions over time as memory leaks accumulate during repeated device removal operations.
Likely Case
Gradual memory consumption increase during device hot-unplug operations, potentially causing performance degradation or application failures if memory pressure becomes significant.
If Mitigated
Minimal impact with proper monitoring and system maintenance; memory leaks would be contained to specific device removal events.
🎯 Exploit Status
Exploitation requires ability to trigger device removal operations, typically requiring privileged access or physical manipulation of storage hardware.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits 897df60c16d54ad515a3d0887edab5c63da06d1f and cd188519d2467ab4c2141587b0551ba030abff0e
Vendor Advisory: https://git.kernel.org/stable/c/897df60c16d54ad515a3d0887edab5c63da06d1f
Restart Required: Yes
Instructions:
1. Update the Linux kernel to a version containing the fix commits.
2. For distributions: use the package manager (apt/yum/dnf) to update the kernel package.
3. Reboot the system to load the patched kernel.
🔧 Temporary Workarounds
Avoid UFS device removal
Prevent triggering the vulnerable code path by avoiding hot-unplug of UFS storage devices.
🧯 If You Can't Patch
- Monitor system memory usage for unusual increases during UFS device operations
- Implement system restart schedules to clear accumulated memory leaks
🔍 How to Verify
Check if Vulnerable:
Check whether the UFS driver is loaded ('lsmod | grep ufs') and compare the running kernel version against the patched versions.
Check Version:
uname -r
Verify Fix Applied:
Verify that the kernel version includes the fix commits: run 'uname -r' and confirm with your distribution vendor that the patch is included.
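The verification steps above combined into one script. This is an added example, not part of the advisory or of the kernel tree. It assumes two things: that the ufshcd driver may be built into the kernel rather than loaded as a module (in which case 'lsmod' shows nothing, so it also consults modules.builtin), and that you supply MIN_PATCHED_VERSION yourself from your distribution's advisory, because this page lists only the fix commit ids and no version numbers. The function and variable names are the example's own.

```shell
#!/bin/sh
# Added example for CVE-2024-57872 verification (not from the advisory).
# MIN_PATCHED_VERSION is a PLACEHOLDER: set it to the first kernel release
# your distribution ships with the fix commits, e.g. MIN_PATCHED_VERSION=6.x.y

# Returns 0 if the UFS host driver is present, either as a loaded module
# (the advisory's 'lsmod | grep ufs') or compiled into the running kernel.
ufs_driver_present() {
    if lsmod 2>/dev/null | grep -q '^ufs'; then
        return 0
    fi
    # Built-in drivers never show up in lsmod; modules.builtin lists them.
    if grep -q 'ufshcd' "/lib/modules/$(uname -r)/modules.builtin" 2>/dev/null; then
        return 0
    fi
    return 1
}

# Numeric prefix of a kernel release string: "6.6.70-generic" -> "6.6.70"
kver_numeric() {
    printf '%s' "$1" | sed 's/[^0-9.].*//'
}

# Returns 0 if kernel release $1 is >= version $2 (major.minor.patch compare).
# Missing components count as 0, so "6.6" equals "6.6.0".
kver_ge() {
    a=$(kver_numeric "$1")
    b=$(kver_numeric "$2")
    i=1
    while [ "$i" -le 3 ]; do
        x=$(printf '%s' "$a" | cut -d. -f"$i")
        y=$(printf '%s' "$b" | cut -d. -f"$i")
        x=${x:-0}
        y=${y:-0}
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
        i=$((i + 1))
    done
    return 0
}

# Prints one verdict: not-affected (no UFS driver), patched, or vulnerable.
# $3 is the exit status of ufs_driver_present (0 = present), passed in so
# the logic can be exercised without real hardware.
assess_ufs_leak() {
    running="$1"
    minimum="$2"
    driver_present="$3"
    if [ "$driver_present" -ne 0 ]; then
        echo not-affected
        return 0
    fi
    if kver_ge "$running" "$minimum"; then
        echo patched
    else
        echo vulnerable
    fi
}

main() {
    case "${MIN_PATCHED_VERSION:-}" in
        [0-9]*) ;;
        *) echo "set MIN_PATCHED_VERSION to your distribution's first fixed kernel" >&2; return 1 ;;
    esac
    if ufs_driver_present; then present=0; else present=1; fi
    assess_ufs_leak "$(uname -r)" "$MIN_PATCHED_VERSION" "$present"
}

# Usage: MIN_PATCHED_VERSION=6.x.y sh ufs_check.sh
# main only runs when the placeholder has been filled in.
if [ -n "${MIN_PATCHED_VERSION:-}" ]; then
    main
fi
```

A "patched" verdict here only means the release number is at or above the threshold you supplied; distributions backport fixes without bumping the upstream version, so the vendor confirmation the advisory asks for still applies.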
📡 Detection & Monitoring
Log Indicators:
- Kernel oom-killer events
- Memory pressure warnings in dmesg
- UFS driver removal messages
SIEM Query:
source="kernel" AND ("out of memory" OR "oom-killer" OR "UFS")
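The log indicators and SIEM query above turned into a small classifier that runs over a kernel log excerpt. This is an added example, not part of the advisory. The sample lines below are constructed for the example (the OOM lines follow the shape of real kernel messages; the ufshcd lines are invented and marked as such), and the match patterns are an assumption to tune against your own dmesg output. The escalation rule reflects the advisory's failure mode: memory indicators appearing after UFS device removals.

```shell
#!/bin/sh
# Added example for CVE-2024-57872 detection (not from the advisory).

# Constructed sample dmesg excerpt. NOT real kernel output; formats approximate.
SAMPLE_LOG='[   12.100] ufshcd-pltfrm 1d84000.ufshc: constructed: host controller probed
[  300.201] ufshcd-pltfrm 1d84000.ufshc: constructed: removing host controller
[  301.010] systemd[1]: Started Session 3 of user alice.
[  900.544] kworker/u8:2: page allocation failure: order:4, mode:0xcc0(GFP_KERNEL)
[  950.772] bash invoked oom-killer: gfp_mask=0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), order=0, oom_score_adj=0
[  950.790] Out of memory: Killed process 4242 (java) total-vm:2048000kB, anon-rss:1900000kB
[  951.000] sshd[1234]: Accepted publickey for alice'

# Reads log lines on stdin; prints "<class><TAB><line>" for each indicator hit
# and drops everything else. Classes: oom, mem-pressure, ufs-remove, ufs.
classify_kernel_log() {
    while IFS= read -r line; do
        case "$line" in
            *"invoked oom-killer"*|*"Out of memory"*|*"out of memory"*)
                printf 'oom\t%s\n' "$line" ;;
            *"page allocation failure"*)
                printf 'mem-pressure\t%s\n' "$line" ;;
            *ufshcd*|*UFS*)
                case "$line" in
                    *remov*) printf 'ufs-remove\t%s\n' "$line" ;;
                    *)       printf 'ufs\t%s\n' "$line" ;;
                esac ;;
        esac
    done
}

# Summarises stdin as "<class> <count>" lines.
indicator_counts() {
    classify_kernel_log | cut -f1 | sort | uniq -c | awk '{print $2, $1}'
}

# Returns 0 when the excerpt on stdin shows the leak pattern the advisory
# describes: at least one UFS removal plus at least one memory indicator.
leak_suspected() {
    classes=$(classify_kernel_log | cut -f1 | sort -u | tr '\n' ' ')
    case "$classes" in
        *ufs-remove*) ;;
        *) return 1 ;;
    esac
    case "$classes" in
        *oom*|*mem-pressure*) return 0 ;;
        *) return 1 ;;
    esac
}

# Usage on a live host: dmesg | indicator_counts ; dmesg | leak_suspected
# Demo on the constructed sample:
printf '%s\n' "$SAMPLE_LOG" | indicator_counts
if printf '%s\n' "$SAMPLE_LOG" | leak_suspected; then
    echo "leak pattern present: UFS removal followed by memory indicators"
else
    echo "no leak pattern"
fi
```

Note that a single OOM event on a host with UFS storage is not by itself evidence of this bug; the useful signal is the pairing with removal events, and the advisory's query is broad enough that you will want that correlation before escalating.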