PT-2024-32763 · Linux+3 · Linux Kernel+3
Published: 2024-07-29 · Updated: 2025-06-13
CVE-2024-47716
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.58
Description
The issue is related to the handling of floating point instructions in userspace, which can crash some ARM kernels built with clang/LLD 17.0.6. The problem occurs when the kernel is built with DYNAMIC_DEBUG=n; with dynamic debug enabled, the pr_debug() calls act as barriers even when not activated, which masks the bug. A minimal userspace reproducer is available, and the bug can be consistently triggered using a specific Python command. The issue is resolved in upstream kernel version 6.6.58.
Recommendations
For Linux kernel versions prior to 6.6.58, update to version 6.6.58 or later to resolve the issue. As a temporary workaround, consider building the kernel with DYNAMIC_DEBUG=y to avoid the crash. Additionally, avoid using the vulnerable vfp_support_entry() function until a patch is available. Restrict access to the vulnerable module to minimize the risk of exploitation.
Affected Products
Linuxmint
Linux Kernel
Red Os
Ubuntu