CVE-2024-47716: Vulnerability in the Linux kernel
In the Linux kernel, the following vulnerability has been resolved:

ARM: 9410/1: vfp: Use asm volatile in fmrx/fmxr macros

Floating point instructions in userspace can crash some arm kernels built with clang/LLD 17.0.6:

    BUG: unsupported FP instruction in kernel mode
    FPEXC == 0xc0000780
    Internal error: Oops - undefined instruction: 0 [#1] ARM
    CPU: 0 PID: 196 Comm: vfp-reproducer Not tainted 6.10.0 #1
    Hardware name: BCM2835
    PC is at vfp_support_entry+0xc8/0x2cc
    LR is at do_undefinstr+0xa8/0x250
    pc : [<c0101d50>]    lr : [<c010a80c>]    psr: a0000013
    sp : dc8d1f68  ip : 60000013  fp : bedea19c
    r10: ec532b17  r9 : 00000010  r8 : 0044766c
    r7 : c0000780  r6 : ec532b17  r5 : c1c13800  r4 : dc8d1fb0
    r3 : c10072c4  r2 : c0101c88  r1 : ec532b17  r0 : 0044766c
    Flags: NzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
    Control: 00c5387d  Table: 0251c008  DAC: 00000051
    Register r0 information: non-paged memory
    Register r1 information: vmalloc memory
    Register r2 information: non-slab/vmalloc memory
    Register r3 information: non-slab/vmalloc memory
    Register r4 information: 2-page vmalloc region
    Register r5 information: slab kmalloc-cg-2k
    Register r6 information: vmalloc memory
    Register r7 information: non-slab/vmalloc memory
    Register r8 information: non-paged memory
    Register r9 information: zero-size pointer
    Register r10 information: vmalloc memory
    Register r11 information: non-paged memory
    Register r12 information: non-paged memory
    Process vfp-reproducer (pid: 196, stack limit = 0x61aaaf8b)
    Stack: (0xdc8d1f68 to 0xdc8d2000)
    1f60:                   0000081f b6f69300 0000000f c10073f4 c10072c4 dc8d1fb0
    1f80: ec532b17 0c532b17 0044766c b6f9ccd8 00000000 c010a80c 00447670 60000010
    1fa0: ffffffff c1c13800 00c5387d c0100f10 b6f68af8 00448fc0 00000000 bedea188
    1fc0: bedea314 00000001 00448ebc b6f9d000 00447608 b6f9ccd8 00000000 bedea19c
    1fe0: bede9198 bedea188 b6e1061c 0044766c 60000010 ffffffff 00000000 00000000
    Call trace:
    [<c0101d50>] (vfp_support_entry) from [<c010a80c>] (do_undefinstr+0xa8/0x250)
    [<c010a80c>] (do_undefinstr) from [<c0100f10>] (__und_usr+0x70/0x80)
    Exception stack(0xdc8d1fb0 to 0xdc8d1ff8)
    1fa0:                                     b6f68af8 00448fc0 00000000 bedea188
    1fc0: bedea314 00000001 00448ebc b6f9d000 00447608 b6f9ccd8 00000000 bedea19c
    1fe0: bede9198 bedea188 b6e1061c 0044766c 60000010 ffffffff
    Code: 0a000061 e3877202 e594003c e3a09010 (eef16a10)
    ---[ end trace 0000000000000000 ]---
    Kernel panic - not syncing: Fatal exception in interrupt
    ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---

This is a minimal userspace reproducer on a Raspberry Pi Zero W:

    #include <stdio.h>
    #include <math.h>

    int main(void)
    {
            double v = 1.0;
            /* The volatile read forces the addition to happen at run time. */
            printf("%f\n", NAN + *(volatile double *)&v);
            return 0;
    }

Another way to consistently trigger the oops is:

    calvin@raspberry-pi-zero-w ~$ python -c "import json"

The bug reproduces only when the kernel is built with DYNAMIC_DEBUG=n, because the pr_debug() calls act as barriers even when not activated.

This is the output from the same kernel source built with the same compiler and DYNAMIC_DEBUG=y, where the userspace reproducer works as expected:

    VFP: bounce: trigger ec532b17 fpexc c0000780
    VFP: emulate: INST=0xee377b06 SCR=0x00000000
    VFP: bounce: trigger eef1fa10 fpexc c0000780
    VFP: emulate: INST=0xeeb40b40 SCR=0x00000000
    VFP: raising exceptions 30000000

    calvin@raspberry-pi-zero-w ~$ ./vfp-reproducer
    nan

Crudely grepping for vmsr/vmrs instructions in the otherwise nearly identical text for vfp_support_entry() makes the problem obvious:

    vmlinux.llvm.good [0xc0101cb8] <+48>: vmrs r7, fpexc
    vmlinux.llvm.good [0xc0101cd8] <+80>: vmsr fpexc, r0
    vmlinux.llvm.good [0xc0101d20 ---truncated---
AI Analysis
Technical Summary
CVE-2024-47716 is a vulnerability in the Linux kernel on ARM, reported against kernels built with Clang/LLD version 17.0.6. Floating point (FP) instructions executed in user space can crash such a kernel with a "BUG: unsupported FP instruction in kernel mode" oops. The root cause lies in the fmrx/fmxr inline-assembly macros used by the kernel's VFP (Vector Floating Point) support code, which the fix changes to use asm volatile. Without volatile, a compiler is free to move or merge an inline asm statement relative to the surrounding code, and the description's comparison of vmrs/vmsr instructions in vfp_support_entry() points at exactly that kind of difference between builds.

When a user-space FP instruction raises an undefined instruction exception, the affected kernel itself faults while handling it, leading to a kernel panic and system crash. The panic trace shows the fault in the vfp_support_entry function, reached from do_undefinstr. This behavior has been observed on devices such as the Raspberry Pi Zero W running affected kernel versions. The bug reproduces only when the kernel is built with DYNAMIC_DEBUG disabled (DYNAMIC_DEBUG=n), because in a DYNAMIC_DEBUG=y build the pr_debug() calls act as barriers even when not activated, which prevents the issue.

The vulnerability can be triggered by simple user-space programs performing floating point operations, including common commands like 'python -c "import json"'. It does not require elevated privileges or special user interaction beyond running floating point instructions in user space. It is a stability and availability issue rather than a direct confidentiality or integrity compromise. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet. The issue is specific to ARM-based Linux kernels built with the specified compiler version and configuration, affecting embedded and IoT devices using such kernels.
Potential Impact
For European organizations, the primary impact of CVE-2024-47716 is on availability and operational stability of ARM-based Linux systems, particularly embedded devices and IoT platforms that use affected kernel builds. Organizations relying on ARM Linux devices for critical infrastructure, industrial control, telecommunications, or edge computing may experience unexpected kernel panics and system crashes, leading to service interruptions. This could affect sectors such as manufacturing, smart city deployments, and network equipment providers. While the vulnerability does not directly expose sensitive data or allow privilege escalation, repeated crashes could cause denial of service conditions, impacting business continuity. The issue is especially relevant for organizations deploying Raspberry Pi or similar ARM-based devices in production environments, which are common in Europe for prototyping and low-cost deployments. Since the vulnerability is triggered by normal floating point operations, even benign user-space applications can cause crashes, increasing the risk of accidental or intentional disruption. The lack of known exploits reduces immediate risk, but the potential for stability issues warrants prompt attention in affected environments.
Mitigation Recommendations
1. Upgrade the Linux kernel to a version where this vulnerability is patched. Monitor official Linux kernel releases and vendor advisories for updates addressing CVE-2024-47716.
2. For organizations compiling their own kernels, ensure that the kernel is built with DYNAMIC_DEBUG enabled (DYNAMIC_DEBUG=y) as a temporary mitigation, since this setting prevents the crash by enabling pr_debug() barriers.
3. Avoid using affected compiler versions (Clang/LLD 17.0.6) for building ARM Linux kernels until patches are applied. Use alternative compiler versions or toolchains known to be unaffected.
4. Audit ARM-based Linux devices in the environment to identify those running affected kernel versions and compiler builds. Prioritize patching or rebuilding kernels on these devices.
5. Implement monitoring for kernel panics and system crashes on ARM Linux devices to detect exploitation or accidental triggering of the vulnerability.
6. For critical deployments, consider isolating ARM Linux devices or restricting user-space applications that perform floating point operations if patching is delayed.
7. Collaborate with device vendors and suppliers to obtain patched firmware or kernel updates for embedded devices impacted by this issue.
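Recommendations 4 and 5 as an added example (not part of the original advisory or of the kernel project): a triage helper that checks a device against the build conditions named in the description and scans kernel log lines for the quoted crash signature. It assumes the caller supplies the output of `uname -m`, the text of /proc/version and the kernel config (for example from /proc/config.gz); the function names and sample inputs are constructed for illustration.

```python
import re

# Signature lines copied from the oops quoted in the CVE description.
BUG_MARKER = "BUG: unsupported FP instruction in kernel mode"
PC_MARKER = "PC is at vfp_support_entry"

def config_enabled(config_text, option):
    """True if a kernel config (e.g. from /proc/config.gz) has option=y."""
    return re.search(rf"^{re.escape(option)}=y$", config_text, re.M) is not None

def reported_conditions(machine, proc_version, config_text):
    """Map each build condition named in the description to True/False."""
    return {
        "arm32": machine.startswith("armv"),  # uname -m: armv6l, armv7l
        "clang_17_0_6": "clang version 17.0.6" in proc_version,
        "dynamic_debug_off": not config_enabled(config_text, "CONFIG_DYNAMIC_DEBUG"),
    }

def needs_priority(machine, proc_version, config_text):
    """All reported conditions hold: patch or rebuild this device first.
    False is not proof of safety; only a kernel carrying the fix is."""
    return all(reported_conditions(machine, proc_version, config_text).values())

def find_vfp_oops(log_lines, window=8):
    """Indexes of BUG lines followed within `window` lines by a faulting PC
    in vfp_support_entry, i.e. the crash signature from the description."""
    return [i for i, line in enumerate(log_lines)
            if BUG_MARKER in line
            and any(PC_MARKER in later for later in log_lines[i + 1:i + 1 + window])]

# Constructed sample inputs, modelled on the Raspberry Pi Zero W report.
SAMPLE_VERSION = ("Linux version 6.10.0 (build@host) "
                  "(clang version 17.0.6, LLD 17.0.6) #1 Mon Jan 1 00:00:00 UTC 2024")
SAMPLE_CONFIG = "CONFIG_MODULES=y\n# CONFIG_DYNAMIC_DEBUG is not set\n"
SAMPLE_LOG = [
    "[   40.1] random: crng init done",
    "[   41.5] BUG: unsupported FP instruction in kernel mode",
    "[   41.5] FPEXC == 0xc0000780",
    "[   41.5] Internal error: Oops - undefined instruction: 0 [#1] ARM",
    "[   41.5] CPU: 0 PID: 196 Comm: vfp-reproducer Not tainted 6.10.0 #1",
    "[   41.5] Hardware name: BCM2835",
    "[   41.5] PC is at vfp_support_entry+0xc8/0x2cc",
    "[   41.6] Kernel panic - not syncing: Fatal exception in interrupt",
]

if __name__ == "__main__":
    print(reported_conditions("armv6l", SAMPLE_VERSION, SAMPLE_CONFIG))
    print("oops at log line indexes:", find_vfp_oops(SAMPLE_LOG))
```

Because the panic halts the device, the log lines usually have to come from a serial console, netconsole or pstore capture rather than from the local journal.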
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Sweden, Finland, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-09-30T16:00:12.949Z
- Cisa Enriched: true
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9825c4522896dcbe05a4
Added to database: 5/21/2025, 9:08:53 AM
Last enriched: 6/28/2025, 7:55:47 PM
Last updated: 7/30/2025, 10:10:34 PM