Linux · Linux Kernel · CVE-2024-57874
**Name of the Vulnerable Software and Affected Versions**
Linux kernel versions prior to 6.6.74
**Description**
The issue lies in the Linux kernel's ptrace functionality, specifically on the arm64 architecture. The `tagged_addr_ctrl_set()` function does not initialize a temporary variable, potentially leaking up to 64 bits of memory from the kernel stack. This occurs when a SETREGSET call is made with a length of zero. The exposure is limited: the read is restricted to a specific slot on the stack, and no write mechanism is provided. The `set_tagged_addr_ctrl()` function only accepts values with bits [63:4] set to zero, which limits the success of a partial SETREGSET attempt. The fix involves initializing the temporary value before copying the regset from userspace.
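The uninitialized-temporary pattern described above, as an added user-space model in C rather than the kernel's own code: `struct task_model`, `model_set_tagged_addr_ctrl()`, `model_regset_copyin()`, `tagged_addr_ctrl_set_vuln()` and `tagged_addr_ctrl_set_fixed()` are all hypothetical names, and the `stale` argument stands in for whatever an earlier call left in the stack slot, because reading a genuinely uninitialized variable is undefined behaviour and would make the demonstration non-deterministic.

```c
/* Added model (not kernel code): a zero-length SETREGSET against a regset
 * handler whose temporary is uninitialized, beside the initialized version. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the per-task tagged-address control word. */
struct task_model {
    uint64_t tagged_addr_ctrl;
};

/* Models set_tagged_addr_ctrl(): values with any of bits [63:4] set are
 * rejected, which is the property the advisory says limits the impact. */
static int model_set_tagged_addr_ctrl(struct task_model *t, uint64_t ctrl)
{
    if (ctrl & ~UINT64_C(0xf))
        return -EINVAL;
    t->tagged_addr_ctrl = ctrl;
    return 0;
}

/* Models user_regset_copyin() for a single-word regset: copy at most
 * sizeof(*dst) bytes from the user buffer. A zero-length request copies
 * nothing and leaves *dst exactly as it was. */
static void model_regset_copyin(uint64_t *dst, const void *ubuf, size_t count)
{
    if (count > sizeof(*dst))
        count = sizeof(*dst);
    memcpy(dst, ubuf, count);
}

/* Vulnerable pattern: the temporary has no initializer, so with count == 0
 * whatever was previously in that stack slot ('stale' here) is what gets
 * validated and, if it passes the bits [63:4] check, applied to the task. */
static int tagged_addr_ctrl_set_vuln(struct task_model *t, const void *ubuf,
                                     size_t count, uint64_t stale)
{
    uint64_t ctrl = stale;  /* models "uint64_t ctrl;" with no initializer */
    model_regset_copyin(&ctrl, ubuf, count);
    return model_set_tagged_addr_ctrl(t, ctrl);
}

/* Fixed pattern: seed the temporary with the task's current value before
 * the copy, so a zero-length or short write changes nothing it did not
 * explicitly supply. The stack slot's old contents ('stale') never matter. */
static int tagged_addr_ctrl_set_fixed(struct task_model *t, const void *ubuf,
                                      size_t count, uint64_t stale)
{
    uint64_t ctrl = t->tagged_addr_ctrl;  /* initialized before copyin */
    (void)stale;                          /* deliberately unused */
    model_regset_copyin(&ctrl, ubuf, count);
    return model_set_tagged_addr_ctrl(t, ctrl);
}

int main(void)
{
    struct task_model t = { .tagged_addr_ctrl = 0x1 };
    uint64_t unused = 0;

    /* Constructed scenario: the stack slot holds 0x3 from an earlier call. */
    tagged_addr_ctrl_set_vuln(&t, &unused, 0, 0x3);
    printf("vulnerable, zero-length set: ctrl now 0x%llx (stale value applied)\n",
           (unsigned long long)t.tagged_addr_ctrl);

    t.tagged_addr_ctrl = 0x1;
    tagged_addr_ctrl_set_fixed(&t, &unused, 0, 0x3);
    printf("fixed, zero-length set:      ctrl now 0x%llx (unchanged)\n",
           (unsigned long long)t.tagged_addr_ctrl);
    return 0;
}
```

The zero-length call is the interesting input: the vulnerable handler ends up calling the validation routine on a value the caller never supplied, while the fixed handler validates and re-applies the task's own current value. The bits [63:4] check is what stops an arbitrary stale word from being accepted, which is why the advisory rates the exposure as limited.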
**Recommendations**
To resolve the issue, update to Linux kernel version 6.6.74 or later. As a temporary workaround, consider restricting access to the `tagged_addr_ctrl_set()` function until a patch is available. Additionally, avoid using the `NT_ARM_TAGGED_ADDR_CTRL` regset in the `user_aarch64_view` used by native AArch64 tasks to manipulate other native AArch64 tasks.