PT-2025-3147 · Linux+7 · Linux Kernel+7

Dexuan Cui · Published 2024-11-06 · Updated 2025-10-03 · CVE-2024-55916

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.6.74

Description

A vulnerability in the Linux kernel has been resolved. It could cause a kernel NULL pointer dereference when the KVP (or VSS) daemon starts before the VMBus channel's ringbuffer is fully initialized. The cause is the kvp_register_done() function, which can lead to the KVP/VSS channel callback being invoked before the channel is fully opened, resulting in a NULL pointer dereference. To fix the panic, the steps in util_probe() have been reordered to prevent the race condition from happening.

Recommendations

For Linux kernel versions prior to 6.6.74, update to version 6.6.74 or later to fix the vulnerability. As a temporary workaround, consider disabling the kvp_register_done() function until a patch is available. Restrict access to the /dev/vmbus/hv_kvp device file to minimize the risk of exploitation. Avoid using the KVP_OP_REGISTER1 message in the affected API endpoint until the issue is resolved.


Weakness Enumeration

NULL Pointer Dereference

Related Identifiers

ALT-PU-2025-1059
ALT-PU-2025-12647
ALT-PU-2025-1879
ALT-PU-2025-1925
ALT-PU-2025-3483
ALT-PU-2025-3496
ALT-PU-2025-5437
AZL-55736
AZL-55754
BDU:2025-07754
CVE-2024-55916
DLA-4075-1
DLA-4076-1
MGASA-2025-0030
MGASA-2025-0032
OESA-2025-1248
OESA-2025-1249
OPENSUSE-SU-2025_0428-1
OPENSUSE-SU-2025_0499-1
OPENSUSE-SU-2025_0556-1
OPENSUSE-SU-2025_0557-1
OPENSUSE-SU-2025_0577-1
SUSE-SU-2025:0289-1
SUSE-SU-2025:0428-1
SUSE-SU-2025:0499-1
SUSE-SU-2025:0556-1
SUSE-SU-2025:0557-1
SUSE-SU-2025:0565-1
SUSE-SU-2025:0577-1
SUSE-SU-2025:0577-2
SUSE-SU-2025:20165-1
SUSE-SU-2025:20166-1
SUSE-SU-2025:20248-1
SUSE-SU-2025:20249-1
SUSE-SU-2025_0428-1
SUSE-SU-2025_0499-1
SUSE-SU-2025_0557-1
SUSE-SU-2025_0577-1
SUSE-SU-2025_0577-2
USN-7379-1
USN-7379-2
USN-7380-1
USN-7381-1
USN-7382-1
USN-7387-1
USN-7387-2
USN-7387-3
USN-7388-1
USN-7389-1
USN-7390-1
USN-7391-1
USN-7392-1
USN-7392-2
USN-7392-3
USN-7392-4
USN-7393-1
USN-7401-1
USN-7407-1
USN-7413-1
USN-7421-1
USN-7458-1
USN-7459-1
USN-7459-2
USN-7463-1
USN-7513-1
USN-7513-2
USN-7513-3
USN-7513-4
USN-7513-5
USN-7514-1
USN-7515-1
USN-7515-2
USN-7522-1
USN-7523-1
USN-7524-1
USN-7539-1
USN-7540-1

Affected Products

ALT Linux
Astra Linux
Debian
Linux Mint
Linux Kernel
RED OS
SUSE
Ubuntu