
CVE-2024-53097: Vulnerability in Linux Linux

Medium
Published: Mon Nov 25 2024 (11/25/2024, 21:21:26 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

mm: krealloc: Fix MTE false alarm in __do_krealloc

This patch addresses an issue introduced by commit 1a83a716ec233 ("mm: krealloc: consider spare memory for __GFP_ZERO") which causes MTE (Memory Tagging Extension) to falsely report a slab-out-of-bounds error. The problem occurs when zeroing out spare memory in __do_krealloc. The original code only considered software-based KASAN and did not account for MTE. It does not reset the KASAN tag before calling memset, leading to a mismatch between the pointer tag and the memory tag, resulting in a false positive.

Example of the error:

==================================================================
swapper/0: BUG: KASAN: slab-out-of-bounds in __memset+0x84/0x188
swapper/0: Write at addr f4ffff8005f0fdf0 by task swapper/0/1
swapper/0: Pointer tag: [f4], memory tag: [fe]
swapper/0:
swapper/0: CPU: 4 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.12.
swapper/0: Hardware name: MT6991(ENG) (DT)
swapper/0: Call trace:
swapper/0: dump_backtrace+0xfc/0x17c
swapper/0: show_stack+0x18/0x28
swapper/0: dump_stack_lvl+0x40/0xa0
swapper/0: print_report+0x1b8/0x71c
swapper/0: kasan_report+0xec/0x14c
swapper/0: __do_kernel_fault+0x60/0x29c
swapper/0: do_bad_area+0x30/0xdc
swapper/0: do_tag_check_fault+0x20/0x34
swapper/0: do_mem_abort+0x58/0x104
swapper/0: el1_abort+0x3c/0x5c
swapper/0: el1h_64_sync_handler+0x80/0xcc
swapper/0: el1h_64_sync+0x68/0x6c
swapper/0: __memset+0x84/0x188
swapper/0: btf_populate_kfunc_set+0x280/0x3d8
swapper/0: __register_btf_kfunc_id_set+0x43c/0x468
swapper/0: register_btf_kfunc_id_set+0x48/0x60
swapper/0: register_nf_nat_bpf+0x1c/0x40
swapper/0: nf_nat_init+0xc0/0x128
swapper/0: do_one_initcall+0x184/0x464
swapper/0: do_initcall_level+0xdc/0x1b0
swapper/0: do_initcalls+0x70/0xc0
swapper/0: do_basic_setup+0x1c/0x28
swapper/0: kernel_init_freeable+0x144/0x1b8
swapper/0: kernel_init+0x20/0x1a8
swapper/0: ret_from_fork+0x10/0x20
==================================================================

AI-Powered Analysis

Last updated: 06/27/2025, 22:12:30 UTC

Technical Analysis

CVE-2024-53097 is a vulnerability in the Linux kernel's memory management subsystem, specifically in the krealloc function. The issue stems from commit 1a83a716ec233, which changed krealloc to zero an object's spare memory when __GFP_ZERO is requested. That change did not account for the Memory Tagging Extension (MTE), a hardware feature that detects memory safety violations by tagging both memory and pointers and checking that the two tags match on every access. With MTE enabled, the result is a false positive slab-out-of-bounds report from the Kernel Address Sanitizer (KASAN): the code that zeroes spare memory in __do_krealloc calls memset without first resetting the KASAN tag on the pointer, so the pointer tag no longer matches the memory tag of the spare bytes. The hardware raises a tag-check fault on that memset, and KASAN reports it as a slab-out-of-bounds write, which can produce kernel warnings or crashes during ordinary memory operations. The kernel log in the description shows exactly this: a slab-out-of-bounds write detected in __memset with a pointer tag of f4 and a memory tag of fe, reached via do_tag_check_fault. The call trace places the fault in kernel initialization, while BPF kfunc sets are being registered for NAT. The vulnerability is not a memory corruption or privilege escalation vector, but the false alarms can cause instability or denial of service through kernel faults. No known exploits are reported in the wild, and no CVSS score has been assigned yet. The issue affects the kernel versions identified by the commit hashes listed in the CVE record prior to the patch. The fix resets the KASAN tag on the pointer before the memset call, so the pointer and memory tags agree and no false positive is raised when MTE is active.
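As an added illustration, not the kernel's code and not part of this record, the following userspace C model reproduces the mismatch the analysis describes: a memset through the tagged object pointer reaches spare granules carrying a different memory tag and faults, while resetting the pointer tag first (the one-line fix) does not. The granule size, the 0xFF match-all tag and the helper names model_kmalloc, model_reset_tag, tagged_memset and zero_spare are assumptions of the model; the f4/fe tag values are taken from the report.

```c
/* Added userspace model of the __do_krealloc MTE false alarm; not kernel code.
 * Assumptions: 64-bit build, 16-byte tag granules, pointer tag in the top
 * address byte, 0xFF as the match-all tag kasan_reset_tag() yields, and
 * 0xFE (as in the report) as the tag on spare bytes past the requested size. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#define GRANULE       16
#define KSIZE         64      /* slab object size, what ksize() returns */
#define TAG_SHIFT     56
#define TAG_MATCH_ALL 0xFF    /* accesses with this pointer tag are never checked */
#define TAG_INVALID   0xFE    /* tag on the object's spare (unusable) memory */

static uint8_t slab[KSIZE];
static uint8_t mem_tag[KSIZE / GRANULE];   /* one memory tag per granule */

/* Tag granules covering the requested size with `tag`, the rest TAG_INVALID. */
static uintptr_t model_kmalloc(size_t size, uint8_t tag)
{
    for (size_t g = 0; g < KSIZE / GRANULE; g++)
        mem_tag[g] = (g * GRANULE < size) ? tag : TAG_INVALID;
    return (uintptr_t)slab | ((uintptr_t)tag << TAG_SHIFT);
}

/* Replace the pointer tag with the match-all tag, like kasan_reset_tag(). */
static uintptr_t model_reset_tag(uintptr_t p)
{
    return p | ((uintptr_t)TAG_MATCH_ALL << TAG_SHIFT);
}

/* MTE-style memset: the hardware compares the pointer tag with every granule
 * touched, regardless of kasan_disable_current(). 0 = ok, -1 = tag fault. */
static int tagged_memset(uintptr_t p, size_t len)
{
    uint8_t ptag = (uint8_t)(p >> TAG_SHIFT);
    size_t off = (size_t)((p & ((1ULL << TAG_SHIFT) - 1)) - (uintptr_t)slab);
    for (size_t i = off; i < off + len; i++)
        if (ptag != TAG_MATCH_ALL && mem_tag[i / GRANULE] != ptag)
            return -1;
    memset(slab + off, 0, len);
    return 0;
}

/* The __GFP_ZERO "object still fits" path of __do_krealloc: zero the spare
 * bytes [new_size, ksize). `fixed` selects the patched variant. */
static int zero_spare(size_t old_size, size_t new_size, int fixed)
{
    uintptr_t p = model_kmalloc(old_size, 0xF4);          /* pointer tag f4 */
    uintptr_t base = fixed ? model_reset_tag(p) : p;
    return tagged_memset(base + new_size, KSIZE - new_size);
}
```

Shrinking a 40-byte object to 24 bytes faults in the unpatched variant because the memset runs into the 0xFE-tagged spare granule, while an object that fills its whole slab never does; the patched variant succeeds in both cases.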

Potential Impact

For European organizations relying on Linux-based systems, especially those running recent kernel versions with MTE enabled on supported hardware, this vulnerability can lead to unexpected kernel faults and system instability. It does not directly allow privilege escalation or code execution, but the false positive memory errors can cause kernel panics or crashes, resulting in denial of service conditions. This is particularly impactful for critical infrastructure, data centers, cloud providers, and enterprises running Linux servers or embedded devices where uptime and reliability are paramount. Systems providing network functions (e.g., NAT, firewalling) or using BPF (Berkeley Packet Filter) features may be more exposed during kernel initialization or module loading, which is where the reported fault occurs. The false alarms may also complicate debugging and monitoring, masking real issues or triggering unnecessary maintenance actions. Although exploitation is not currently observed, the vulnerability highlights the difficulty of integrating new hardware features like MTE with existing kernel sanitizers and memory management code. Organizations with high availability requirements or those operating in regulated sectors (finance, healthcare, energy) should prioritize patching to avoid service disruptions.

Mitigation Recommendations

1. Apply the official Linux kernel patch that addresses CVE-2024-53097 as soon as it becomes available for your distribution or kernel version. Monitor vendor advisories for updated kernel packages.
2. Temporarily disable MTE if system stability is critical and patching is delayed, understanding this reduces memory safety protections.
3. Review kernel boot parameters and configurations related to KASAN and MTE to ensure compatibility and reduce false positives.
4. Conduct thorough testing in staging environments to detect any kernel faults related to memory tagging before deploying updates to production.
5. Monitor system logs for KASAN slab-out-of-bounds errors or related kernel warnings that may indicate the presence of this issue.
6. Coordinate with hardware vendors to confirm MTE support and firmware updates that may influence kernel behavior.
7. For embedded or specialized Linux deployments, consider kernel recompilation with the patched krealloc code to eliminate the false alarm.
8. Maintain robust backup and recovery procedures to mitigate potential downtime caused by kernel crashes.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-11-19T17:17:24.983Z
CISA Enriched: false
CVSS Version: null
State: PUBLISHED

Threat ID: 682d9820c4522896dcbdd003

Added to database: 5/21/2025, 9:08:48 AM

Last enriched: 6/27/2025, 10:12:30 PM

Last updated: 8/12/2025, 7:11:41 PM
