CVE-2024-52319
Published: 11 January 2025
Summary
CVE-2024-52319 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in the Linux kernel. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). It ranks at the 2.7th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2024-52319 is a vulnerability in the Linux kernel's memory management subsystem, specifically affecting the handling of huge pages in hugetlb_no_page(). The issue arises when hugetlb_no_page() passes a fault address that may not be aligned to the huge page size to folio_zero_user(), which in turn can invoke clear_gigantic_page(). This function expects a huge page size-aligned address, and passing an unaligned one can lead to memory corruption or information leakage. The vulnerability is classified under CWE-787 (Out-of-bounds Write) with a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
A local attacker with low privileges (PR:L) can exploit this vulnerability without user interaction. By triggering a page fault in a context involving gigantic huge pages, the attacker can cause clear_gigantic_page() to operate on an unaligned address, potentially resulting in arbitrary memory corruption or leakage of sensitive kernel memory contents. The high impact scores across confidentiality, integrity, and availability indicate severe consequences, such as kernel crashes, privilege escalation, or exposure of other processes' data.
The provided references point to kernel patch commits that resolve the issue by ensuring an aligned address is used in clear_gigantic_page() and renaming the parameter from 'addr' to 'addr_hint' for clarity. Security practitioners should apply these patches from the stable kernel branches (e.g., commits 8aca2bc96c833ba695ede7a45ad7784c836a262e and b79b6fe0737f233f0be1465052b7f0e75f324735) to mitigate the vulnerability in affected Linux distributions.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-46254
Vulnerability details
In the Linux kernel, the following vulnerability has been resolved: mm: use aligned address in clear_gigantic_page(). In the current kernel, hugetlb_no_page() calls folio_zero_user() with the fault address, where the fault address may not be aligned with the huge page size. Then, folio_zero_user() may call clear_gigantic_page() with the address, while clear_gigantic_page() requires the address to be huge page size aligned. So, this may cause memory corruption or information leak. Additionally, use the more obvious naming 'addr_hint' instead of 'addr' for clear_gigantic_page().
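The following is an added, scaled-down model of the bug and its fix; it is not kernel code and none of its names (sim_mem, clear_gigantic_page_unfixed, clear_gigantic_page_fixed, demo) exist in the kernel. It represents a gigantic folio as eight small base pages followed by a neighbouring region, runs the page-by-page clearing loop once from the raw fault address (the vulnerable shape) and once from the address aligned down to the huge page boundary (the shape of the fix), and counts how many neighbour bytes were zeroed out of bounds and how many folio bytes were left stale. The page sizes are constructed so that the whole model fits in one array; the alignment arithmetic is the same as the kernel's ALIGN_DOWN().

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy geometry: an 8-base-page "gigantic" folio at [0, HUGE_SIZE)
 * followed by a neighbouring region at [HUGE_SIZE, 2*HUGE_SIZE) that belongs
 * to someone else. Sizes are scaled down from real 4 KiB pages. */
#define BASE_PAGE  64UL
#define NR_PAGES   8UL
#define HUGE_SIZE  (BASE_PAGE * NR_PAGES)
#define MEM_SIZE   (2 * HUGE_SIZE)
#define FILL       0xAA   /* marker for "not yet written" */

typedef struct { uint8_t bytes[MEM_SIZE]; } sim_mem;

/* Same arithmetic as the kernel's ALIGN_DOWN(): size must be a power of two. */
static inline unsigned long align_down(unsigned long addr, unsigned long size)
{
    return addr & ~(size - 1);
}

static void reset(sim_mem *m) { memset(m->bytes, FILL, MEM_SIZE); }

/* Page-by-page clearing loop with the same shape as the kernel's: it zeroes
 * NR_PAGES base pages starting wherever it is pointed. The clamp only keeps
 * this simulation memory-safe; the real loop has no such clamp. */
static void clear_pages_from(sim_mem *m, unsigned long start)
{
    for (unsigned long i = 0; i < NR_PAGES; i++) {
        unsigned long off = start + i * BASE_PAGE;
        if (off + BASE_PAGE > MEM_SIZE) break;
        memset(m->bytes + off, 0, BASE_PAGE);
    }
}

/* Vulnerable shape: trusts the fault address as the start of the huge page. */
void clear_gigantic_page_unfixed(sim_mem *m, unsigned long addr_hint)
{
    clear_pages_from(m, addr_hint);
}

/* Fixed shape: the fault address is only a hint; the huge page containing it
 * starts at the aligned address. */
void clear_gigantic_page_fixed(sim_mem *m, unsigned long addr_hint)
{
    clear_pages_from(m, align_down(addr_hint, HUGE_SIZE));
}

/* Neighbour bytes that were zeroed: the out-of-bounds write (CWE-787). */
unsigned long neighbour_clobbered(const sim_mem *m)
{
    unsigned long n = 0;
    for (unsigned long off = HUGE_SIZE; off < MEM_SIZE; off++)
        if (m->bytes[off] != FILL) n++;
    return n;
}

/* Folio bytes left uncleared: stale data in a page the caller believes is
 * zeroed, the information-leak side of the bug. */
unsigned long folio_stale(const sim_mem *m)
{
    unsigned long n = 0;
    for (unsigned long off = 0; off < HUGE_SIZE; off++)
        if (m->bytes[off] != 0) n++;
    return n;
}

/* Run both variants for one fault address. Returns the unfixed variant's
 * out-of-bounds byte count and stores its stale byte count in *stale_out;
 * returns (unsigned long)-1 if the fixed variant misbehaves. */
unsigned long demo(unsigned long fault_addr, unsigned long *stale_out)
{
    sim_mem m;
    reset(&m);
    clear_gigantic_page_unfixed(&m, fault_addr);
    unsigned long overrun = neighbour_clobbered(&m);
    *stale_out = folio_stale(&m);

    reset(&m);
    clear_gigantic_page_fixed(&m, fault_addr);
    if (neighbour_clobbered(&m) != 0 || folio_stale(&m) != 0)
        return (unsigned long)-1;
    return overrun;
}

int main(void)
{
    unsigned long stale;
    unsigned long fault_addr = 2 * BASE_PAGE + 17;  /* constructed unaligned fault address */
    unsigned long overrun = demo(fault_addr, &stale);
    printf("unfixed: %lu bytes written past the folio, %lu folio bytes left stale\n",
           overrun, stale);
    return 0;
}
```

With the unaligned hint the unfixed loop overruns the folio by exactly the misalignment (addr_hint minus the aligned address) and leaves the same number of bytes at the front of the folio untouched, which is why the commit describes both memory corruption and information leak; aligning the hint first, as the fix does, removes both effects.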
Related Threats: MITRE ATT&CK Enterprise Techniques
Why these techniques?
A local kernel memory corruption vulnerability in hugetlb page fault handling directly enables Exploitation for Privilege Escalation (T1068).
Mitigating Controls (NIST 800-53 r5)
SI-2 mandates timely remediation of identified flaws, directly addressing CVE-2024-52319 by applying Linux kernel patches to fix unaligned address handling in clear_gigantic_page().
RA-5 requires periodic vulnerability scanning to identify systems affected by kernel vulnerabilities like CVE-2024-52319, enabling prompt patching.
SI-16 enforces memory protections such as kernel address randomization and supervisor protections that mitigate exploitation of memory corruption in huge page handling.