CVE-2024-51729
Published: 11 January 2025
Summary
CVE-2024-51729 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Linux Linux Kernel. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 2.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates CVE-2024-51729 by requiring timely patching of the Linux kernel flaw that causes memory corruption from unaligned addresses in copy_user_gigantic_page().
Implements memory safeguards such as address space layout randomization or data execution prevention to limit exploitation of the out-of-bounds write in gigantic page handling.
Enables identification of the kernel vulnerability through continuous or periodic scanning, supporting prompt remediation to prevent memory corruption or leakage.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Local kernel memory corruption/info leak directly enables privilege escalation (T1068) and credential access (T1212) via out-of-bounds write/leakage in hugetlb handling.
NVD Description
In the Linux kernel, the following vulnerability has been resolved: mm: use aligned address in copy_user_gigantic_page() In current kernel, hugetlb_wp() calls copy_user_large_folio() with the fault address. Where the fault address may be not aligned with the huge page size. Then,…
more
copy_user_large_folio() may call copy_user_gigantic_page() with the address, while copy_user_gigantic_page() requires the address to be huge page size aligned. So, this may cause memory corruption or information leak, addtional, use more obvious naming 'addr_hint' instead of 'addr' for copy_user_gigantic_page().
Deeper analysisAI
CVE-2024-51729 is a vulnerability in the Linux kernel's memory management subsystem, specifically affecting the handling of gigantic pages in the `copy_user_gigantic_page()` function. The issue arises when `hugetlb_wp()` passes an unaligned fault address to `copy_user_large_folio()`, which in turn calls `copy_user_gigantic_page()` expecting a huge page size-aligned address. This misalignment can lead to memory corruption or information leakage. The vulnerability is classified under CWE-787 (Out-of-bounds Write) with a CVSS v3.1 base score of 7.8.
A local attacker with low privileges (AV:L/AC:L/PR:L/UI:N/S:U) can exploit this vulnerability due to its low attack complexity and lack of user interaction requirements. Successful exploitation enables high-impact confidentiality, integrity, and availability violations (C:H/I:H/A:H), potentially allowing arbitrary memory corruption or leakage of sensitive data through mishandled gigantic page copies.
Mitigation involves applying the relevant patches from the Linux kernel stable trees, as detailed in the commit fixes: cb12d61361ce769672c7c7bd32107252598cdd8b and f5d09de9f1bf9674c6418ff10d0a40cfe29268e1. These updates ensure aligned addresses are used (renaming the parameter to `addr_hint` for clarity) and resolve the unaligned access issue. Security practitioners should update affected kernel versions promptly.
Details
- CWE(s)