CVE-2024-57943
Published: 21 January 2025
Summary
CVE-2024-57943 is a high-severity Access of Uninitialized Pointer (CWE-824) vulnerability in Linux Linux Kernel. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 21.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires timely patching of the Linux kernel exFAT vulnerability to zero new buffers before writing, directly eliminating the flaw.
Restricts least functionality by prohibiting unnecessary exFAT filesystem support, removing the vulnerable component from the attack surface.
Vulnerability scanning detects unpatched kernels affected by CVE-2024-57943, enabling remediation.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Local kernel info-leak and corruption bug directly enables privilege escalation via exploitation and unauthorized data collection from system memory.
NVD Description
In the Linux kernel, the following vulnerability has been resolved: exfat: fix the new buffer was not zeroed before writing Before writing, if a buffer_head marked as new, its data must be zeroed, otherwise uninitialized data in the page cache…
more
will be written. So this commit uses folio_zero_new_buffers() to zero the new buffers before ->write_end().
Deeper analysisAI
CVE-2024-57943 is a vulnerability in the Linux kernel's exFAT filesystem implementation. It occurs because new buffer_heads are not zeroed before writing, allowing uninitialized data from the page cache to be written to disk. This issue, classified under CWE-824, has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to potential impacts on confidentiality, integrity, and availability.
A local attacker with low privileges can exploit this vulnerability with low attack complexity and no user interaction required. Successful exploitation could allow the attacker to leak sensitive uninitialized data or corrupt filesystem structures, leading to high-impact outcomes such as unauthorized data disclosure, modification of files, or denial of service.
Mitigation is provided through kernel patches available in the referenced commits: https://git.kernel.org/stable/c/942c6f91ab8d82a41650e717940b4e577173762f and https://git.kernel.org/stable/c/98e2fb26d1a9eafe79f46d15d54e68e014d81d8c. These commits implement folio_zero_new_buffers() to zero new buffers before the ->write_end() callback, resolving the issue. Security practitioners should ensure affected Linux kernels are updated to include these fixes.
Details
- CWE(s)