Linux Kernal Vulnerability Let Attackers Bypass CPU & Gain Read/Write Access

Researchers have uncovered a critical vulnerability within the Linux kernel’s dmam_free_coherent() function.

This flaw, identified as CVE-2024-43856, stems from a race condition caused by the improper order of operations when freeing Direct Memory Access (DMA) allocations and managing associated resources.

The vulnerability poses a significant risk, as it could allow attackers to bypass CPU protections and gain unauthorized read/write access to system memory.

Understanding the Vulnerability

DMA is a crucial mechanism that enables hardware devices to transfer data directly to and from system memory without CPU involvement, enhancing performance.

Free Webinar on Detecting & Blocking Supply Chain Attack -> Book your Spot

The dmam_free_coherent() function frees a DMA allocation and removes the associated data structure used to track it. However, a flaw in this process could lead to system instabilities, data corruption, unexpected behavior, or even crashes.

The vulnerability arises from a race condition where a concurrent task could allocate memory with the same virtual address and add it to the tracking list before removing the original entry.

If exploited, this could result in the devres_destroy function freeing the wrong entry, triggering a WARN_ON assertion in the dmam_match function.

This scenario could allow attackers to manipulate memory allocations, potentially leading to severe security breaches.

The Patch – CVE-2024-43856

In response to this vulnerability, a new patch has been committed to the Linux kernel by Greg Kroah-Hartman.

Lance Richardson from Google authored the patch, which modifies the dmam_free_coherent () function to address a bug in DMA allocation handling.

The solution involves swapping the order of function calls to ensure the tracking data structure is destroyed using devres_destroy before the DMA allocation is freed with dma_free_coherent.

This change prevents the possibility of a concurrent task interfering with the cleanup process.

The patch has undergone testing on Google’s internal “kokonut” network encryption project. It has been signed off by Christoph Hellwig and Sasha Levin, indicating its readiness for inclusion in the mainline Linux kernel.

This proactive measure highlights the developer community’s ongoing efforts to identify and rectify potential bugs, ensuring a more stable and reliable operating system for users worldwide.

While exploiting the dmam_free_coherent() vulnerability to write arbitrary data into CPU memory would be complex and highly dependent on specific system configurations, the patch provides a crucial safeguard against potential attacks.

As the Linux kernel continues to evolve and power a vast array of devices, addressing vulnerabilities like CVE-2024-43856 is essential to maintaining the security and integrity of systems globally.

This case underscores the importance of vigilance and collaboration within the open-source community to protect against emerging threats.

Are you from SOC and DFIR Teams? Analyse Malware Incidents & get live Access with ANY.RUN -> Get 14 Days Free Access

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Recent Posts

Nearest Neighbor Attacks: Russian APT Hack The Target By Exploiting Nearby Wi-Fi Networks

Recent research has revealed that a Russian advanced persistent threat (APT) group, tracked as "GruesomeLarch"…

1 day ago

240+ Domains Used By PhaaS Platform ONNX Seized by Microsoft

Microsoft's Digital Crimes Unit (DCU) has disrupted a significant phishing-as-a-service (PhaaS) operation run by Egypt-based…

2 days ago

Russian TAG-110 Hacked 60+ Users With HTML Loaded & Python Backdoor

The Russian threat group TAG-110, linked to BlueDelta (APT28), is actively targeting organizations in Central…

2 days ago

Earth Kasha Upgraded Their Arsenal With New Tactics To Attack Organizations

Earth Kasha, a threat actor linked to APT10, has expanded its targeting scope to India,…

2 days ago

Raspberry Robin Employs TOR Network For C2 Servers Communication

Raspberry Robin, a stealthy malware discovered in 2021, leverages advanced obfuscation techniques to evade detection…

2 days ago

145,000 ICS Systems, Thousands of HMIs Exposed to Cyber Attacks

Critical infrastructure, the lifeblood of modern society, is under increasing threat as a new report…

2 days ago