CVE-2024-57998
Published: 27 February 2025
Summary
CVE-2024-57998 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in Linux Linux Kernel. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 1.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SI-2 Flaw Remediation directly mitigates CVE-2024-57998 by requiring timely application of kernel patches that add the missing index check to prevent the buffer overflow.
SI-10 Information Input Validation requires bounds checking on frequency indices passed to OPP functions, directly addressing the missing index validation that causes the out-of-bounds read.
SI-16 Memory Protection implements kernel mitigations like address space randomization and guard pages that limit the impact and exploitability of the buffer overflow even if triggered.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Local kernel out-of-bounds read vulnerability directly enables exploitation for privilege escalation by a low-privileged attacker.
NVD Description
In the Linux kernel, the following vulnerability has been resolved: OPP: add index check to assert to avoid buffer overflow in _read_freq() Pass the freq index to the assert function to make sure we do not read a freq out…
more
of the opp->rates[] table when called from the indexed variants: dev_pm_opp_find_freq_exact_indexed() or dev_pm_opp_find_freq_ceil/floor_indexed(). Add a secondary parameter to the assert function, unused for assert_single_clk() then add assert_clk_index() which will check for the clock index when called from the _indexed() find functions.
Deeper analysisAI
CVE-2024-57998 is a vulnerability in the Linux kernel's Operating Performance Points (OPP) subsystem. It manifests as a buffer overflow in the _read_freq() function due to a missing index check in an assert statement, which can result in reading frequencies out of the opp->rates[] table bounds. This issue arises specifically when _read_freq() is called from indexed variants such as dev_pm_opp_find_freq_exact_indexed() or dev_pm_opp_find_freq_ceil/floor_indexed(). The vulnerability is classified under CWE-125 (Out-of-bounds Read) and carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
A local attacker with low privileges can exploit this vulnerability. Exploitation requires local access and low complexity with no user interaction, allowing the attacker to achieve high impacts on confidentiality, integrity, and availability. Potential outcomes include unauthorized data access, modification, or kernel denial of service within the affected OPP context.
Mitigation is provided through patches in the Linux kernel stable repositories. Relevant commits include 774dd6f0f0a61c9c3848e025d7d9eeed1a7ca4cd, 7d68c20638e50d5eb4576492a7958328ae445248, d659bc68ed489022ea33342cfbda2911a81e7a0d, da2a6acc73933b7812c94794726e438cde39e037, and eb6ffa0192ba83ece1a318b956265519c5c7dcec. These updates add a frequency index parameter to the assert function and introduce assert_clk_index() to validate clock indices in the indexed find functions, preventing the out-of-bounds read.
Details
- CWE(s)