CVE-2024-53065

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Nov 19, 2024
Updated: Nov 25, 2024

Summary

CVE-2024-53065 is a vulnerability in the Linux kernel that arises due to a duplicate kmem_cache creation. The issue stemmed from a commit that reduced the minimum alignment for KMALLOC_MINALIGN from 8 to 4 on arm64 architectures with KASAN_HW_TAGS enabled, causing the aliasing of kmalloc_caches[*][8] and kmalloc_caches[*][16]. Consequently, kmem_buckets_create() attempted to create a kmem_cache for size 16 twice, resulting in warnings on boot. These warnings, in turn, caused system instability and potential security vulnerabilities.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share