PT-2025-3599 · Linux+7 · Linux Kernel+7
Catalin Marinas +1 · Published 2024-12-05 · Updated 2025-10-03 · CVE-2024-57874
CVSS v3.1: 6.1 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.74
Description
The issue is in the Linux kernel's ptrace functionality, specifically on the arm64 architecture. The tagged_addr_ctrl_set() function does not initialize a temporary variable, potentially leading to the leakage of up to 64 bits of memory from the kernel stack. This occurs when a SETREGSET call is made with a length of zero. The exposure is limited, as the read is restricted to a specific slot on the stack, and there is no write mechanism provided. The set_tagged_addr_ctrl() function only accepts values with bits [63:4] set to zero, which limits the success of a partial SETREGSET attempt. The fix involves initializing the temporary value before copying the regset from userspace.
Recommendations
To resolve the issue, update to Linux kernel version 6.6.74 or later. As a temporary workaround, consider restricting access to the tagged_addr_ctrl_set() function until a patch is available. Additionally, avoid using the NT_ARM_TAGGED_ADDR_CTRL regset in the user_aarch64_view used by native AArch64 tasks to manipulate other native AArch64 tasks.
Exploit
Fix
Use of Uninitialized Resource
Access of Uninitialized Pointer
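The flaw and the fix from the Description, as an added user-space model; this is not the kernel's code and not part of the original entry. The names model_set_ctrl, model_copyin, ctrl_set_flawed and ctrl_set_fixed are hypothetical, the stale argument is a constructed stand-in for the uninitialized stack slot, and seeding the temporary from the task's current value is an assumption about how it gets initialized.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* User-space model only (assumption): names and layout are illustrative. */
struct task { uint64_t tagged_addr_ctrl; };

/* Validator as described: reject any value with bits [63:4] set. */
static int model_set_ctrl(struct task *t, uint64_t v)
{
    if (v & ~(uint64_t)0xf)
        return -22;                 /* -EINVAL */
    t->tagged_addr_ctrl = v;
    return 0;
}

/* Copy-in copies at most 'count' bytes; count == 0 leaves *dst untouched. */
static void model_copyin(uint64_t *dst, const void *src, size_t count)
{
    size_t n = count < sizeof(*dst) ? count : sizeof(*dst);
    if (n)
        memcpy(dst, src, n);
}

/* Flawed pattern. 'stale' stands in for the uninitialized stack slot so the
 * model stays deterministic (reading a truly uninitialized local is UB). */
static int ctrl_set_flawed(struct task *t, const void *ubuf, size_t count,
                           uint64_t stale)
{
    uint64_t ctrl = stale;
    model_copyin(&ctrl, ubuf, count);
    return model_set_ctrl(t, ctrl);
}

/* Hardened pattern: give the temporary a defined value before copy-in.
 * Seeding it from the task's current setting is an assumption of this model. */
static int ctrl_set_fixed(struct task *t, const void *ubuf, size_t count)
{
    uint64_t ctrl = t->tagged_addr_ctrl;
    model_copyin(&ctrl, ubuf, count);
    return model_set_ctrl(t, ctrl);
}

int main(void)
{
    struct task t = { 0x1 };
    int ret = ctrl_set_flawed(&t, NULL, 0, 0x5);
    printf("ret=%d ctrl=0x%llx\n", ret, (unsigned long long)t.tagged_addr_ctrl);
}
```

In the flawed path a zero-length set succeeds or fails depending on the stale value, and a success stores that value in task state; in the hardened path a zero-length set leaves the task unchanged.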
Affected Products
Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu