PT-2024-9009 · Linux+5 · Linux Kernel+5
Boy Wu · Published 2024-05-30 · Updated 2025-09-17 · CVE-2024-36906
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions prior to 6.6.37
Description:
The vulnerability is in the KASAN component of the Linux kernel, which detects invalid memory accesses. On the arm architecture, stale stack poison is not cleared in the cpuidle case, leading to a stack-out-of-bounds error. This can cause the kernel to crash or produce spurious error messages. The vulnerability is exploited by writing to a memory address outside the bounds of a stack frame, which can be achieved by manipulating the stack pointer or using a buffer overflow attack.
Technical details about exploitation:
- The `refresh_cpu_vm_stats.constprop.0` function is vulnerable to a stack-out-of-bounds error.
- The `kasan_check_range` function is used to detect invalid memory accesses, but it may not correctly handle the case where the stack pointer is manipulated to point outside the bounds of a stack frame.
- The `memset` function is used to write to a memory address, which can be used to exploit the vulnerability by writing to an address outside the bounds of a stack frame.
Recommendations:
To resolve the issue, update the Linux kernel to version 6.6.37 or later. This version includes a patch that clears stale stack poison in the cpuidle case, preventing the stack-out-of-bounds error. Until the patch is applied, consider disabling KASAN or restricting its use to minimize the risk of exploitation.
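A triage check for the conditions named above (arm kernel, version below 6.6.37, KASAN built in), added here as an example and not taken from the advisory or the kernel project. The function names, the `arm*` match on `uname -m` and the `/boot/config-*` path are assumptions; only the 6.6.37 threshold comes from this page.

```shell
#!/bin/sh
# Added triage example; not part of the advisory.
# FIXED_VERSION is the only value taken from the page.
FIXED_VERSION="6.6.37"

# Turn a release string such as "6.6.30-v7+" into a comparable integer (6006030).
ver_key() {
    v=${1%%[!0-9.]*}            # drop distro/local suffix
    old_ifs=$IFS; IFS=.
    set -- $v                   # split into major minor patch
    IFS=$old_ifs
    echo $(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
}

# True if the kernel config file ($1) has KASAN built in.
kasan_enabled() {
    grep -q '^CONFIG_KASAN=y' "$1"
}

# assess RELEASE MACHINE CONFIG_FILE -> prints one status word
assess() {
    # Assumption: "arm" on the page means kernels whose uname -m is arm*.
    case $2 in
        arm*) ;;
        *) echo "not-applicable"; return 0 ;;
    esac
    if [ "$(ver_key "$1")" -ge "$(ver_key "$FIXED_VERSION")" ]; then
        echo "fixed"; return 0
    fi
    [ -r "$3" ] || { echo "config-unreadable"; return 0; }
    if kasan_enabled "$3"; then
        echo "affected"
    else
        echo "kasan-off"
    fi
}

# Live host check; the config path is an assumption (common distro layout).
assess "$(uname -r)" "$(uname -m)" "/boot/config-$(uname -r)"
```

The comparison uses the upstream version number only, so a distribution kernel that carries a backported fix under an older version string will still be reported as `affected`; confirm against the vendor's own advisory.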
Exploit
Fix
Out of bounds Read
Memory Corruption
Related Identifiers
Affected Products
Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu