CVE-2024-53097

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.65

Description The issue is related to a false alarm in the Memory Tagging Extension (MTE) caused by a mismatch between the pointer tag and the memory tag when zeroing out spare memory in do krealloc. This problem occurs because the original code only considered software-based KASAN and did not account for MTE, leading to a false positive. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.

Recommendations To resolve the issue, update to Linux kernel version 6.6.65 or later. As a temporary workaround, consider disabling the do krealloc function until a patch is available. However, this is not a recommended solution as it may cause other issues. The best course of action is to update to the fixed version of the kernel. At the moment, there is no other information about additional mitigation measures.