
CVE-2024-43874: Vulnerability in the Linux kernel (crypto: ccp)

Medium
Published: Wed Aug 21 2024 (08/21/2024, 00:06:26 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

crypto: ccp - Fix null pointer dereference in __sev_snp_shutdown_locked

Fix a null pointer dereference induced by DEBUG_TEST_DRIVER_REMOVE. Return from __sev_snp_shutdown_locked() if the psp_device or the sev_device structs are not initialized. Without the fix, the driver will produce the following splat:

ccp 0000:55:00.5: enabling device (0000 -> 0002)
ccp 0000:55:00.5: sev enabled
ccp 0000:55:00.5: psp enabled
BUG: kernel NULL pointer dereference, address: 00000000000000f0
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 0 P4D 0
Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC NOPTI
CPU: 262 PID: 1 Comm: swapper/0 Not tainted 6.9.0-rc1+ #29
RIP: 0010:__sev_snp_shutdown_locked+0x2e/0x150
Code: 00 55 48 89 e5 41 57 41 56 41 54 53 48 83 ec 10 41 89 f7 49 89 fe 65 48 8b 04 25 28 00 00 00 48 89 45 d8 48 8b 05 6a 5a 7f 06 <4c> 8b a0 f0 00 00 00 41 0f b6 9c 24 a2 00 00 00 48 83 fb 02 0f 83
RSP: 0018:ffffb2ea4014b7b8 EFLAGS: 00010286
RAX: 0000000000000000 RBX: ffff9e4acd2e0a28 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffb2ea4014b808
RBP: ffffb2ea4014b7e8 R08: 0000000000000106 R09: 000000000003d9c0
R10: 0000000000000001 R11: ffffffffa39ff070 R12: ffff9e49d40590c8
R13: 0000000000000000 R14: ffffb2ea4014b808 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff9e58b1e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000000000f0 CR3: 0000000418a3e001 CR4: 0000000000770ef0
PKRU: 55555554
Call Trace:
 <TASK>
 ? __die_body+0x6f/0xb0
 ? __die+0xcc/0xf0
 ? page_fault_oops+0x330/0x3a0
 ? save_trace+0x2a5/0x360
 ? do_user_addr_fault+0x583/0x630
 ? exc_page_fault+0x81/0x120
 ? asm_exc_page_fault+0x2b/0x30
 ? __sev_snp_shutdown_locked+0x2e/0x150
 __sev_firmware_shutdown+0x349/0x5b0
 ? pm_runtime_barrier+0x66/0xe0
 sev_dev_destroy+0x34/0xb0
 psp_dev_destroy+0x27/0x60
 sp_destroy+0x39/0x90
 sp_pci_remove+0x22/0x60
 pci_device_remove+0x4e/0x110
 really_probe+0x271/0x4e0
 __driver_probe_device+0x8f/0x160
 driver_probe_device+0x24/0x120
 __driver_attach+0xc7/0x280
 ? driver_attach+0x30/0x30
 bus_for_each_dev+0x10d/0x130
 driver_attach+0x22/0x30
 bus_add_driver+0x171/0x2b0
 ? unaccepted_memory_init_kdump+0x20/0x20
 driver_register+0x67/0x100
 __pci_register_driver+0x83/0x90
 sp_pci_init+0x22/0x30
 sp_mod_init+0x13/0x30
 do_one_initcall+0xb8/0x290
 ? sched_clock_noinstr+0xd/0x10
 ? local_clock_noinstr+0x3e/0x100
 ? stack_depot_save_flags+0x21e/0x6a0
 ? local_clock+0x1c/0x60
 ? stack_depot_save_flags+0x21e/0x6a0
 ? sched_clock_noinstr+0xd/0x10
 ? local_clock_noinstr+0x3e/0x100
 ? __lock_acquire+0xd90/0xe30
 ? sched_clock_noinstr+0xd/0x10
 ? local_clock_noinstr+0x3e/0x100
 ? __create_object+0x66/0x100
 ? local_clock+0x1c/0x60
 ? __create_object+0x66/0x100
 ? parameq+0x1b/0x90
 ? parse_one+0x6d/0x1d0
 ? parse_args+0xd7/0x1f0
 ? do_initcall_level+0x180/0x180
 do_initcall_level+0xb0/0x180
 do_initcalls+0x60/0xa0
 ? kernel_init+0x1f/0x1d0
 do_basic_setup+0x41/0x50
 kernel_init_freeable+0x1ac/0x230
 ? rest_init+0x1f0/0x1f0
 kernel_init+0x1f/0x1d0
 ? rest_init+0x1f0/0x1f0
 ret_from_fork+0x3d/0x50
 ? rest_init+0x1f0/0x1f0
 ret_from_fork_asm+0x11/0x20
 </TASK>
Modules linked in:
CR2: 00000000000000f0
---[ end trace 0000000000000000 ]---
RIP: 0010:__sev_snp_shutdown_locked+0x2e/0x150
Code: 00 55 48 89 e5 41 57 41 56 41 54 53 48 83 ec 10 41 89 f7 49 89 fe 65 48 8b 04 25 28 00 00 00 48 89 45 d8 48 8b 05 6a 5a 7f 06 <4c> 8b a0 f0 00 00 00 41 0f b6 9c 24 a2 00 00 00 48 83 fb 02 0f 83
RSP: 0018:ffffb2ea4014b7b8 EFLAGS: 00010286
RAX: 0000000000000000 RBX: ffff9e4acd2e0a28 RCX: 0000000000000000
RDX: 0000000
---truncated---

AI-Powered Analysis

AI last updated: 06/28/2025, 22:11:42 UTC

Technical Analysis

CVE-2024-43874 is a NULL pointer dereference in the Linux kernel's ccp (AMD Cryptographic Coprocessor) driver, in the shutdown path for AMD SEV-SNP (Secure Encrypted Virtualization - Secure Nested Paging). __sev_snp_shutdown_locked() reads the global PSP device pointer and the SEV sub-device hanging off it without checking that either has been initialized. The splat in the description shows the ordering that exposes this: the fault happens during boot (PID 1, swapper/0) on the path sp_pci_init -> __pci_register_driver -> really_probe -> pci_device_remove -> sp_pci_remove -> sp_destroy -> psp_dev_destroy -> sev_dev_destroy -> __sev_firmware_shutdown -> __sev_snp_shutdown_locked. A remove() call issued from inside really_probe() is exactly what the kernel build option CONFIG_DEBUG_TEST_DRIVER_REMOVE does: it unbinds and re-binds every driver right after a successful probe to exercise remove paths. That remove runs before the ccp module's initialization has finished publishing its PSP master device, so the shutdown routine dereferences a NULL pointer. The register dump confirms it: RAX is 0, the faulting instruction (mov r12, [rax+0xf0]) reads at CR2 = 00000000000000f0, a supervisor-mode read of a not-present page, and because the oops kills PID 1 the machine does not finish booting. The fix returns early from __sev_snp_shutdown_locked() when the psp_device or sev_device struct is not initialized. The record lists kernels containing commit 1ca5614b84eed5904f65f143e0e7aaab0ac4c6b2 as affected. No exploits in the wild are reported and no CVSS score has been assigned (Cvss Version: null). The impact is availability only: a kernel oops, i.e. denial of service. Reaching the bug requires either a kernel built with CONFIG_DEBUG_TEST_DRIVER_REMOVE, which is a development option not enabled in production distribution kernels, or root privileges to unbind or unload the ccp driver while its SEV/PSP state is uninitialized; it does not provide privilege escalation or information disclosure.
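The ordering problem described above, as an added userspace model written for this page (it is not the kernel's or the ccp driver's code): the PCI core probes, removes and re-probes the device inside the driver registration call when CONFIG_DEBUG_TEST_DRIVER_REMOVE is set, so the remove() runs while the global PSP master pointer is still NULL. The struct layouts, the function names (snp_shutdown_locked_unfixed, snp_shutdown_locked_fixed, sp_probe, sp_remove, psp_pci_init_model, sp_mod_init_with_test_remove) and the assumption that psp_master is published only by a post-registration init step are simplifications made for illustration. The unguarded variant is shown beside the guarded one; only the guarded one is run on the uninitialized state, since the unguarded one would fault there exactly as the splat does.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified stand-ins for the driver's structs (assumed layout, not the kernel's). */
struct sev_device {
    bool snp_initialized;    /* firmware SNP state; a shutdown clears it */
    int  snp_shutdown_cmds;  /* SNP_SHUTDOWN commands "sent" to the PSP */
};

struct psp_device {
    struct sev_device *sev_data;  /* set when the SEV sub-device comes up */
};

struct sp_device {
    struct psp_device *psp_data;  /* set when the PSP sub-device comes up */
    struct psp_device  psp;
    struct sev_device  sev;
};

/* Assumption mirroring the ccp driver: psp_master is assigned by a step of
 * module init that runs only after the PCI driver registration returns, so it
 * is still NULL while the PCI core is probing (and test-removing) the device. */
static struct psp_device *psp_master;

/* Unfixed shape of the shutdown: trusts psp_master. With psp_master == NULL the
 * sev_data load reads through address 0, which is the 0xf0-offset supervisor
 * read in the splat. Never call this before init has published psp_master. */
static int snp_shutdown_locked_unfixed(void)
{
    struct psp_device *psp = psp_master;
    struct sev_device *sev = psp->sev_data;   /* NULL dereference if psp == NULL */

    if (!sev->snp_initialized)
        return 0;
    sev->snp_shutdown_cmds++;
    sev->snp_initialized = false;
    return 0;
}

/* Fixed shape: return early while the PSP or SEV struct is uninitialized. */
static int snp_shutdown_locked_fixed(void)
{
    struct psp_device *psp = psp_master;
    struct sev_device *sev;

    if (!psp || !psp->sev_data)
        return 0;                 /* nothing to shut down yet */
    sev = psp->sev_data;
    if (!sev->snp_initialized)
        return 0;
    sev->snp_shutdown_cmds++;
    sev->snp_initialized = false;
    return 0;
}

/* probe(): the PSP and SEV sub-devices come up ("psp enabled", "sev enabled"). */
static void sp_probe(struct sp_device *sp)
{
    sp->psp.sev_data = &sp->sev;
    sp->psp_data = &sp->psp;
}

/* remove(): device teardown, which runs the SEV firmware shutdown. */
static int sp_remove(bool fixed)
{
    return fixed ? snp_shutdown_locked_fixed() : snp_shutdown_locked_unfixed();
}

/* Post-registration init step (assumed stand-in for psp_pci_init() in the
 * real driver): publish the master PSP device and bring SNP up. */
static void psp_pci_init_model(struct sp_device *sp)
{
    psp_master = sp->psp_data;
    sp->sev.snp_initialized = true;
}

/* Model of CONFIG_DEBUG_TEST_DRIVER_REMOVE: probe, remove and re-probe happen
 * inside driver registration, i.e. before the step that sets psp_master.
 * Returns the status of that early remove(). */
static int sp_mod_init_with_test_remove(struct sp_device *sp, bool fixed)
{
    int rc;

    psp_master = NULL;
    sp_probe(sp);
    rc = sp_remove(fixed);        /* shutdown runs with psp_master == NULL */
    sp_probe(sp);
    psp_pci_init_model(sp);       /* too late to help the test-remove above */
    return rc;
}

int main(void)
{
    struct sp_device sp = { .psp_data = NULL };
    int rc;

    rc = sp_mod_init_with_test_remove(&sp, true);
    printf("test-remove with guard: rc=%d snp_initialized=%d cmds=%d\n",
           rc, sp.sev.snp_initialized, sp.sev.snp_shutdown_cmds);

    /* A later, ordinary unbind: state exists now, so SNP is really shut down. */
    rc = sp_remove(true);
    printf("ordinary remove: rc=%d snp_initialized=%d cmds=%d\n",
           rc, sp.sev.snp_initialized, sp.sev.snp_shutdown_cmds);
    return 0;
}
```

Passing `false` to sp_mod_init_with_test_remove() reproduces the crash in this model (a real NULL dereference in the process), which is the point: the guard is not a cosmetic check but the only thing between the debug-build probe sequence and a dead PID 1.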

Potential Impact

For European organizations, the exposure is limited to hosts running a Linux kernel with the ccp driver on AMD EPYC hardware with SEV-SNP: hypervisors in data centres and cloud environments that use SEV-SNP to protect tenant virtual machines. The effect is a kernel oops on the host, which takes every guest on that host down with it, so the risk is to availability and business continuity rather than to confidentiality or integrity. The conditions to reach the bug are narrow: a debug kernel built with CONFIG_DEBUG_TEST_DRIVER_REMOVE fails to boot on affected hardware, and on a production kernel only a root user unbinding or unloading the ccp driver at the wrong moment can reach the shutdown path. An unprivileged local user or a guest VM has no way to trigger it, and there is no remote vector. Adoption of SEV-SNP by European cloud providers and enterprises makes the affected population non-trivial, but there is no evidence of exploitation.

Mitigation Recommendations

European organizations should update host kernels to a version containing the fix for CVE-2024-43874. Distribution vendors backport such fixes into their stable kernels, so check the vendor changelog or advisory for the CVE ID rather than assuming a particular upstream version number, and engage the vendor for a backport if moving to a current kernel is not feasible. Prioritise the hypervisor side: the ccp driver binds to the PSP device on the host, so guest kernels do not exercise this code path and do not need this fix. To find affected systems, record the running kernel (uname -r), whether ccp is loaded or built in (lsmod, or a populated /sys/bus/pci/drivers/ccp), and whether the kernel was built with CONFIG_DEBUG_TEST_DRIVER_REMOVE (grep the option in /boot/config-$(uname -r) or /proc/config.gz). That option is a build-time debug setting intended for development kernels and must not be enabled in production builds. On unpatched hosts, avoid unbinding or unloading the ccp driver, since that is the other way to reach the shutdown path. Monitor the kernel log (dmesg, journalctl -k) for "BUG: kernel NULL pointer dereference" together with "__sev_snp_shutdown_locked" in the RIP or call trace, and treat a match as this bug rather than a hardware fault. Because the failure mode is a host crash, make sure failover for workloads on SEV-SNP hosts is tested, and keep backups and recovery plans current.


Technical Details

Data Version
5.1
Assigner Short Name
Linux
Date Reserved
2024-08-17T09:11:59.281Z
Cisa Enriched
true
Cvss Version
null
State
PUBLISHED

Threat ID: 682d9826c4522896dcbe0b3e

Added to database: 5/21/2025, 9:08:54 AM

Last enriched: 6/28/2025, 10:11:42 PM

Last updated: 7/30/2025, 7:11:44 PM
