PT-2024-33795 · Linux+8 · Linux Kernel+8
Published: 2024-09-04 · Updated: 2026-03-14 · CVE-2024-49954
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions prior to 6.6.58
Description:
The issue concerns a memory allocation failure in the Linux kernel, specifically in the static_call_module_notify() function. When memory allocation fails in static_call_add_module(), it triggers a WARN_ON(), which can cause the machine to panic if panic_on_warn is set. This is not justified, as the failure case should be handled correctly by the call chain, and the error code is passed to the userspace application. The fix replaces the WARN_ON() with a pr_warn().
Recommendations:
For Linux kernel versions prior to 6.6.58, update to version 6.6.58 or later to resolve the issue. As a temporary workaround, consider disabling the panic_on_warn setting to prevent the machine from panicking when a WARN_ON() is triggered. However, this is not a permanent solution and updating the kernel is recommended.
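A triage check for the recommendation above, written as an added example (not part of the advisory or the kernel project): it applies the advisory's 6.6.58 threshold to `uname -r` and reads `/proc/sys/kernel/panic_on_warn`. The verdict names and the version-suffix handling are assumptions of this sketch, and distribution kernels that backport the fix under an older version number will still be reported as exposed.

```shell
#!/bin/sh
# Added example: host triage for the condition described in this advisory.
FIXED="6.6.58"   # first fixed version, as stated in the advisory

# Strip distro suffixes: "6.6.32-generic" -> "6.6.32" (constructed sample format).
kernel_base() {
    printf '%s\n' "$1" | sed 's/[^0-9.].*$//; s/\.$//'
}

# version_lt A B: succeed when dotted version A is strictly lower than B.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1   # equal versions are not "lower"
    }'
}

# assess RELEASE PANIC_ON_WARN: print one verdict word (names are hypothetical).
assess() {
    base=$(kernel_base "$1")
    if ! version_lt "$base" "$FIXED"; then
        echo "fixed"
    elif [ "$2" = "1" ]; then
        echo "exposed-panic"       # a failed allocation warning would panic the host
    elif [ "$2" = "0" ]; then
        echo "exposed-warn-only"   # warning is logged, host keeps running
    else
        echo "exposed-unknown"     # sysctl could not be read
    fi
}

# Report for the local machine; falls back to "unknown" when /proc is unavailable.
release=$(uname -r)
pow=$(cat /proc/sys/kernel/panic_on_warn 2>/dev/null || echo unknown)
echo "kernel=$release panic_on_warn=$pow verdict=$(assess "$release" "$pow")"
```

A verdict of `exposed-panic` marks hosts where the temporary workaround applies until the kernel is updated.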
Assertion Failure
Affected Products
ALT Linux
Astra Linux
Debian
Linux Mint
Linux Kernel
Red Hat
RED OS
SUSE
Ubuntu