CVE-2024-58019
📋 TL;DR
A memory corruption vulnerability in the Linux kernel's NVIDIA GPU System Processor (GSP) driver allows local attackers to trigger a kernel panic (denial of service) by exploiting incorrect pointer arithmetic when processing GSP event messages. This affects systems with NVIDIA GPUs using the nvkm driver module. The vulnerability requires local access to the system.
💻 Affected Systems
- Linux kernel nvkm/gsp driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Local privilege escalation to kernel-level code execution, though this appears less likely given the NULL pointer dereference pattern.
Likely Case
Local denial of service through kernel panic, crashing the system and requiring reboot.
If Mitigated
No impact if the vulnerable driver module is not loaded or if systems have restricted local access.
🎯 Exploit Status
Exploitation requires triggering specific GSP message handling conditions. The NULL pointer dereference suggests reliable DoS but privilege escalation would require more sophisticated exploitation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel stable releases with commits 5185e63b45ea, 67c9cf82f502, 8d9beb4aebc0
Vendor Advisory: https://git.kernel.org/stable/c/5185e63b45ea39339ed83f269e2ddfafb07e70d9
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from distribution vendor.
2. For custom kernels, apply commits 5185e63b45ea, 67c9cf82f502, 8d9beb4aebc0.
3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable nvkm module
[linux] Prevent loading of the vulnerable driver module if NVIDIA GPU functionality is not required.
echo 'blacklist nvkm' >> /etc/modprobe.d/blacklist.conf
rmmod nvkm
Restrict local access
[all] Limit local user access to systems with vulnerable configurations.
🧯 If You Can't Patch
- Implement strict local access controls and user privilege separation
- Monitor for kernel panic events and investigate any crashes related to nvkm/gsp
🔍 How to Verify
Check if Vulnerable:
Check if nvkm module is loaded: lsmod | grep nvkm. Check kernel version against patched releases.
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version includes fix commits or is newer than patched releases. Confirm nvkm module loads without issues.
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages mentioning nvkm, gsp, or NULL pointer dereference at address 0000000000000020
- Messages containing 'BUG: kernel NULL pointer dereference' with nvkm in call trace
SIEM Query:
source="kernel" AND ("NULL pointer dereference" OR "kernel panic") AND ("nvkm" OR "gsp")
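A kernel oops is spread over many log lines, so the NULL pointer dereference header and the nvkm/gsp call-trace frame rarely land in the same event. The following added example (not part of the original advisory or of any vendor tooling) groups each oops into one record before applying the log indicators above. The sample log lines and the frame names in them are constructed, and matching `[nouveau]` is an added assumption based on the nvkm code being built into the nouveau module in mainline kernels.

```python
import re

# Oops header as printed by the kernel; the faulting address is kept for triage.
OOPS_RE = re.compile(r"BUG: kernel NULL pointer dereference, address: ([0-9a-f]{16})")
# Page indicators: nvkm or gsp in the trace. "[nouveau]" is an added assumption
# (nvkm is built into the nouveau module in mainline kernels).
DRIVER_RE = re.compile(r"nvkm|gsp|\[nouveau\]", re.IGNORECASE)
END_RE = re.compile(r"---\[ end trace")

# Constructed sample: one driver-related oops, one unrelated oops, and one
# harmless line that a keyword-only search would wrongly flag.
SAMPLE_LOG = """\
[  101.000001] BUG: kernel NULL pointer dereference, address: 0000000000000020
[  101.000002] #PF: supervisor read access in kernel mode
[  101.000003] Call Trace:
[  101.000004]  nvkm_gsp_example_recv+0x1a/0x40 [nouveau]
[  101.000005]  example_worker+0x10/0x20
[  101.000006] ---[ end trace 0000000000000000 ]---
[  202.000001] BUG: kernel NULL pointer dereference, address: 0000000000000008
[  202.000002] Call Trace:
[  202.000003]  example_other_driver_irq+0x5/0x30 [example_mod]
[  202.000004] ---[ end trace 0000000000000000 ]---
[  303.000001] nouveau 0000:01:00.0: gsp: example informational message
""".splitlines()


def find_nvkm_oopses(lines):
    """Return one record per oops whose body mentions the nvkm/gsp driver."""
    hits, current = [], None

    def flush():
        # Keep the oops only if at least one line in it pointed at the driver.
        if current and current["frames"]:
            hits.append(current)

    for line in lines:
        start = OOPS_RE.search(line)
        if start:
            flush()  # previous oops was cut off without an end marker
            current = {"address": start.group(1), "frames": []}
        elif current is not None:
            if DRIVER_RE.search(line):
                current["frames"].append(line.strip())
            if END_RE.search(line):
                flush()
                current = None
    flush()  # log ended in the middle of an oops
    return hits


if __name__ == "__main__":
    for hit in find_nvkm_oopses(SAMPLE_LOG):
        print(hit["address"], hit["frames"])
```
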