CVE-2024-56761

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Jan 6, 2025

Updated: Jan 9, 2025

Summary

CVE-2024-56761 is a vulnerability affecting the Linux kernel that can lead to a dead loop if the Wake-up From Exception (WFE) state is not cleared properly in the x86 FRED (Fast Response Exception Delivery) subsystem. The WFE state is saved and restored in FRED's expanded CS area, allowing it to persist across instruction boundaries. If the WFE state is not cleared, the CPU may enter a dead loop when encountering a missing-ENDBRANCH condition. This issue is not related to the Interrupt Descriptor Table (IDT) or the IRET instruction, as they do not preserve WFE or set it during execution. To mitigate this vulnerability, software must ensure that the WFE state is cleared in the appropriate circumstances to avoid dead locking. Failure to clear WFE in other situations could result in security-relevant bugs.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

Linux Kernel

Affected Vendors

LINUX

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

US Violent Extremists Likely Shifting Focus to Targeted Physical Threats in 2025

DRAT V2: Updated DRAT Emerges in TAG-140’s Arsenal

Threats to the 2025 NATO Summit

Know What Matters

For Customers

For Partners