PT-2024-3344 · Linux+7 · Linux Kernel+7

Ricardo Neri · Published 2024-01-12 · Updated 2025-10-22 · CVE-2024-26646

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The issue is related to the Intel Hardware Feedback Interface (HFI) in the Linux kernel. When resuming from hibernation, the restore kernel allocates a second memory buffer and reprograms the HFI hardware with the new location, which may differ from the one allocated by the image kernel. This can lead to memory corruption if the hardware writes to the invalid buffer. Additionally, the hardware may "forget" the address of the memory buffer when resuming from "deep" suspend, also potentially causing memory corruption.

Recommendations

To prevent the described memory corruption, disable HFI when preparing to suspend or hibernate. Enable it when resuming. Add syscore callbacks to handle the package of the boot CPU. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers

ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
BDU:2024-03616
CVE-2024-26646
INFSA-2024_9315
OPENSUSE-SU-2024_1322-1
OPENSUSE-SU-2024_1322-2
OPENSUSE-SU-2024_1332-1
OPENSUSE-SU-2024_1332-2
OPENSUSE-SU-2024_1466-1
OPENSUSE-SU-2024_1480-1
OPENSUSE-SU-2024_1490-1
RHSA-2024:9315
RHSA-2024_9315
SUSE-SU-2024:1466-1
SUSE-SU-2024:1480-1
SUSE-SU-2024:1490-1
USN-6765-1
USN-6818-1
USN-6818-2
USN-6818-3
USN-6818-4
USN-6819-1
USN-6819-2
USN-6819-3
USN-6819-4

Affected Products

Astra Linux
Debian
Linux Mint
Linux Kernel
Red Hat
RED OS
SUSE
Ubuntu