CVE-2024-49975

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.58

Description: A kernel info leak has been resolved in the Linux kernel. The issue occurs because the xol add vma() function maps an uninitialized page allocated by create xol area() into userspace, making this memory readable on some architectures, such as x86, even without the necessary permissions. This allows a debugger to read the memory, potentially exposing sensitive information.

Recommendations: For versions prior to 6.6.58, update to version 6.6.58 or later to resolve the issue. As a temporary workaround, consider restricting access to the xol add vma() function and the create xol area() function until a patch is available. Additionally, ensure that the VM READ and VM EXEC permissions are properly set to minimize the risk of exploitation.