CVE-2024-52332
Published: 11 January 2025
Summary
CVE-2024-52332 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in Linux Linux Kernel. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005); ranked at the 1.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-11 (Error Handling).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mandates timely identification, reporting, and correction of the kernel flaw in igb_init_module() via upstream patches to eliminate the invalid memory access risk.
Enforces implementation of error handling mechanisms to detect pci_register_driver() failures and maintain a secure state by properly unregistering the dca_notifier.
Provides memory protection safeguards that mitigate exploitation of the out-of-bounds read (CWE-125) resulting from improper notifier handling post-module initialization failure.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
OOB read in kernel driver enables local info disclosure (T1005) and system DoS via crash (T1499.004).
NVD Description
In the Linux kernel, the following vulnerability has been resolved: igb: Fix potential invalid memory access in igb_init_module() The pci_register_driver() can fail and when this happened, the dca_notifier needs to be unregistered, otherwise the dca_notifier can be called when igb…
more
fails to install, resulting to invalid memory access.
Deeper analysisAI
CVE-2024-52332 is a vulnerability in the Linux kernel's igb driver, specifically within the igb_init_module() function. It arises when pci_register_driver() fails during module initialization, but the dca_notifier is not unregistered. This can lead to the notifier being called after the igb module fails to install, resulting in invalid memory access classified as CWE-125 (Out-of-bounds Read). The vulnerability carries a CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H), indicating high severity due to potential confidentiality and availability impacts.
A local attacker with low privileges (PR:L) can exploit this vulnerability with low attack complexity and no user interaction required. Exploitation occurs in a local attack vector (AV:L) with unchanged scope (S:U), potentially allowing the attacker to trigger invalid memory access. This could result in high confidentiality impact, such as information disclosure through out-of-bounds reads, and high availability impact, such as denial of service via system crashes or instability.
Mitigation involves applying the upstream kernel patches referenced in the stable repository commits, including 0566f83d206c7a864abcd741fe39d6e0ae5eef29, 4458046617dfadc351162dbaea1945c57eebdf36, 4fe517643f529e805bb6b890a4331c100e8f2484, 8009cdcc493fa30d4572016daf2d6999da4d6c54, and 992fd34122de377b45cb75b64fc7f17fc1e6ed2f. Security practitioners should update affected Linux kernel versions to incorporate these fixes, particularly on systems using the igb driver for Intel Gigabit Ethernet hardware.
Details
- CWE(s)