CVE-2024-26989

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.37

Description The vulnerability is related to a level 3 translation fault in the swsusp save() function when attempting to access MEMBLOCK NOMAP memory ranges on arm64 machines. This issue can be reproduced in QEMU using UEFI when booting with specific configurations. The problem arises from the kernel page present() function assuming a page is always present when can set direct map() is false, regardless of MEMBLOCK NOMAP ranges. These regions should not be saved during hibernation. The issue was introduced by changes to the pfn valid() logic and can be resolved by dropping the !can set direct map() check in kernel page present().

Recommendations To resolve this issue, update the Linux kernel to version 6.6.37 or later. As a temporary workaround, consider disabling the swsusp save() function until a patch is available. Restrict access to the vulnerable kernel page present() function to minimize the risk of exploitation. Avoid using the can set direct map() parameter in the affected API endpoint until the issue is resolved.