PT-2024-33948 · Linux+9 · Linux Kernel+9

Kirk Swidowski

·

Published

2024-10-20

·

Updated

2025-11-18

·

CVE-2024-50115

CVSS v3.1

7.1

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.61
Description: The issue is related to the KVM: nSVM flow in the Linux kernel, where bits 4:0 of CR3 are not ignored when loading PDPTEs from memory for nested SVM. This can result in an out-of-bounds read in the worst-case scenario, for example, if the target page is at the end of a memslot and the VMM isn't using guard pages. According to the APM and SDM, the low 5 address bits 4:0 of the CR3 register are assumed to be 0 and ignored.
Recommendations: For Linux kernel versions prior to 6.6.61, update to version 6.6.61 or later to resolve the issue. As a temporary workaround, consider restricting the use of the nSVM flow in KVM to minimize the risk of exploitation.

Exploit

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALSA-2024:11486
ALSA-2024_11486
ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
ALT-PU-2024-15245
ALT-PU-2024-15251
ALT-PU-2024-15473
ALT-PU-2024-15739
ALT-PU-2024-16172
ALT-PU-2024-17099
ALT-PU-2024-17211
ALT-PU-2025-12647
AZL-52464
AZL-52529
BDU:2025-03127
CVE-2024-50115
DLA-4008-1
DLA-4075-1
INFSA-2024_11486
MGASA-2024-0368
MGASA-2024-0369
OESA-2024-2445
OESA-2024-2446
OESA-2024-2447
OESA-2024-2448
OESA-2024-2449
OPENSUSE-SU-2024:14500-1
OPENSUSE-SU-2024_4313-1
OPENSUSE-SU-2024_4314-1
OPENSUSE-SU-2024_4315-1
OPENSUSE-SU-2024_4316-1
OPENSUSE-SU-2024_4346-1
OPENSUSE-SU-2024_4376-1
OPENSUSE-SU-2025:14705-1
OPENSUSE-SU-2025_01610-1
OPENSUSE-SU-2025_01655-1
OPENSUSE-SU-2025_01656-1
OPENSUSE-SU-2025_01663-1
OPENSUSE-SU-2025_01668-1
OPENSUSE-SU-2025_01669-1
OPENSUSE-SU-2025_01675-1
OPENSUSE-SU-2025_01676-1
OPENSUSE-SU-2025_01677-1
OPENSUSE-SU-2025_01682-1
OPENSUSE-SU-2025_01683-1
OPENSUSE-SU-2025_01692-1
OPENSUSE-SU-2025_0833-1
OPENSUSE-SU-2025_0835-1
OPENSUSE-SU-2025_0847-1
OPENSUSE-SU-2025_0853-1
OPENSUSE-SU-2025_0855-1
OPENSUSE-SU-2025_0856-1
OPENSUSE-SU-2025_0955-1
RHSA-2024:11486
RHSA-2024_11486
SUSE-SU-2024:4313-1
SUSE-SU-2024:4314-1
SUSE-SU-2024:4315-1
SUSE-SU-2024:4316-1
SUSE-SU-2024:4317-1
SUSE-SU-2024:4318-1
SUSE-SU-2024:4345-1
SUSE-SU-2024:4346-1
SUSE-SU-2024:4364-1
SUSE-SU-2024:4367-1
SUSE-SU-2024:4376-1
SUSE-SU-2024:4387-1
SUSE-SU-2024:4388-1
SUSE-SU-2025:0035-1
SUSE-SU-2025:01590-1
SUSE-SU-2025:01593-1
SUSE-SU-2025:01601-1
SUSE-SU-2025:01603-1
SUSE-SU-2025:01610-1
SUSE-SU-2025:01652-1
SUSE-SU-2025:01655-1
SUSE-SU-2025:01656-1
SUSE-SU-2025:01663-1
SUSE-SU-2025:01668-1
SUSE-SU-2025:01669-1
SUSE-SU-2025:01675-1
SUSE-SU-2025:01676-1
SUSE-SU-2025:01677-1
SUSE-SU-2025:01682-1
SUSE-SU-2025:01683-1
SUSE-SU-2025:01692-1
SUSE-SU-2025:0784-1
SUSE-SU-2025:0833-1
SUSE-SU-2025:0833-2
SUSE-SU-2025:0834-1
SUSE-SU-2025:0835-1
SUSE-SU-2025:0847-1
SUSE-SU-2025:0853-1
SUSE-SU-2025:0855-1
SUSE-SU-2025:0856-1
SUSE-SU-2025:0867-1
SUSE-SU-2025:0945-1
SUSE-SU-2025:0955-1
SUSE-SU-2025:20163-1
SUSE-SU-2025:20164-1
SUSE-SU-2025:20190-1
SUSE-SU-2025:20192-1
SUSE-SU-2025:20246-1
SUSE-SU-2025:20247-1
SUSE-SU-2025:20260-1
SUSE-SU-2025:20270-1
SUSE-SU-2025:20339-1
SUSE-SU-2025:20340-1
SUSE-SU-2025:20349-1
SUSE-SU-2025:20351-1
SUSE-SU-2025:20367-1
SUSE-SU-2025:20368-1
SUSE-SU-2025:4123-1
SUSE-SU-2025_0833-1
SUSE-SU-2025_0833-2
SUSE-SU-2025_0834-1
SUSE-SU-2025_0835-1
SUSE-SU-2025_0847-1
SUSE-SU-2025_0855-1
SUSE-SU-2025_0856-1
SUSE-SU-2025_0955-1
USN-7276-1
USN-7277-1
USN-7288-1
USN-7288-2
USN-7289-1
USN-7289-2
USN-7289-3
USN-7289-4
USN-7291-1
USN-7305-1
USN-7308-1
USN-7310-1
USN-7331-1
USN-7388-1
USN-7389-1
USN-7390-1
USN-7449-1
USN-7449-2
USN-7450-1
USN-7451-1
USN-7452-1
USN-7453-1
USN-7458-1
USN-7468-1
USN-7523-1
USN-7524-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu