CVE-2024-57917: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: topology: Keep the cpumask unchanged when printing cpumap During fuzz testing, the following warning was discovered: different return values (15 and 11) from vsnprintf("%*pbl ", ...) test:keyward is WARNING in kvasprintf WARNING: CPU: 55 PID: 1168477 at lib/kasprintf.c:30 kvasprintf+0x121/0x130 Call Trace: kvasprintf+0x121/0x130 kasprintf+0xa6/0xe0 bitmap_print_to_buf+0x89/0x100 core_siblings_list_read+0x7e/0xb0 kernfs_file_read_iter+0x15b/0x270 new_sync_read+0x153/0x260 vfs_read+0x215/0x290 ksys_read+0xb9/0x160 do_syscall_64+0x56/0x100 entry_SYSCALL_64_after_hwframe+0x78/0xe2 The call trace shows that kvasprintf() reported this warning during the printing of core_siblings_list. kvasprintf() has several steps: (1) First, calculate the length of the resulting formatted string. (2) Allocate a buffer based on the returned length. (3) Then, perform the actual string formatting. (4) Check whether the lengths of the formatted strings returned in steps (1) and (2) are consistent. If the core_cpumask is modified between steps (1) and (3), the lengths obtained in these two steps may not match. Indeed our test includes cpu hotplugging, which should modify core_cpumask while printing. To fix this issue, cache the cpumask into a temporary variable before calling cpumap_print_{list, cpumask}_to_buf(), to keep it unchanged during the printing process.
AI Analysis
Technical Summary
CVE-2024-57917 is a vulnerability identified in the Linux kernel related to the handling of CPU topology information during the printing of CPU masks (cpumasks). The issue arises specifically in the function kvasprintf(), which is used to format strings dynamically. The vulnerability was discovered during fuzz testing, which revealed inconsistent return values from vsnprintf() when formatting CPU mask data. The root cause is that the core_cpumask, a data structure representing CPU affinity, can be modified (e.g., due to CPU hotplug events) between the initial length calculation of the formatted string and the actual formatting step. This leads to a mismatch in expected string lengths, causing warnings and potentially unstable behavior during kernel operations that read CPU topology information, such as core_siblings_list. The fix involves caching the cpumask into a temporary variable before printing, ensuring the cpumask remains unchanged during the formatting process. This prevents discrepancies in string length calculations and avoids the warning and potential instability. The vulnerability does not appear to have known exploits in the wild and does not have an assigned CVSS score yet. It affects Linux kernel versions identified by the commit hash bb9ec13d156e85dfd6a8afd0bb61ccf5736ed257 and similar builds.
Potential Impact
For European organizations, the impact of CVE-2024-57917 is primarily related to system stability and reliability rather than direct security breaches such as privilege escalation or data leakage. Systems running affected Linux kernel versions may experience kernel warnings or errors during CPU topology queries, especially in environments where CPU hotplugging is common (e.g., cloud infrastructure, virtualized environments, or high-availability servers). This could lead to degraded performance or unexpected behavior in kernel subsystems that rely on accurate CPU affinity information. While the vulnerability does not directly enable attackers to compromise confidentiality or integrity, it may increase the risk of denial-of-service conditions if kernel components become unstable or crash due to inconsistent cpumask data. European organizations with critical infrastructure, data centers, or cloud services relying on Linux servers could face operational disruptions if this issue is triggered. However, the lack of known exploits and the nature of the vulnerability suggest the risk of active exploitation is low at present.
Mitigation Recommendations
To mitigate CVE-2024-57917, European organizations should promptly apply the Linux kernel patches that address this vulnerability once they become available from trusted sources such as the Linux kernel maintainers or their Linux distribution vendors. Specifically, ensure that the kernel version includes the fix that caches the cpumask before printing to prevent modification during formatting. Organizations operating environments with CPU hotplugging or dynamic CPU affinity changes should prioritize patching to avoid potential instability. Additionally, system administrators should monitor kernel logs for warnings related to kvasprintf or cpumask printing anomalies as early indicators of this issue. For environments where immediate patching is not feasible, consider limiting CPU hotplug operations or scheduling them during maintenance windows to reduce the likelihood of triggering the vulnerability. Regularly updating Linux kernels and maintaining robust change management processes will help minimize exposure to this and similar kernel-level issues.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Poland, Italy, Spain
CVE-2024-57917: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: topology: Keep the cpumask unchanged when printing cpumap During fuzz testing, the following warning was discovered: different return values (15 and 11) from vsnprintf("%*pbl ", ...) test:keyward is WARNING in kvasprintf WARNING: CPU: 55 PID: 1168477 at lib/kasprintf.c:30 kvasprintf+0x121/0x130 Call Trace: kvasprintf+0x121/0x130 kasprintf+0xa6/0xe0 bitmap_print_to_buf+0x89/0x100 core_siblings_list_read+0x7e/0xb0 kernfs_file_read_iter+0x15b/0x270 new_sync_read+0x153/0x260 vfs_read+0x215/0x290 ksys_read+0xb9/0x160 do_syscall_64+0x56/0x100 entry_SYSCALL_64_after_hwframe+0x78/0xe2 The call trace shows that kvasprintf() reported this warning during the printing of core_siblings_list. kvasprintf() has several steps: (1) First, calculate the length of the resulting formatted string. (2) Allocate a buffer based on the returned length. (3) Then, perform the actual string formatting. (4) Check whether the lengths of the formatted strings returned in steps (1) and (2) are consistent. If the core_cpumask is modified between steps (1) and (3), the lengths obtained in these two steps may not match. Indeed our test includes cpu hotplugging, which should modify core_cpumask while printing. To fix this issue, cache the cpumask into a temporary variable before calling cpumap_print_{list, cpumask}_to_buf(), to keep it unchanged during the printing process.
AI-Powered Analysis
Technical Analysis
CVE-2024-57917 is a vulnerability identified in the Linux kernel related to the handling of CPU topology information during the printing of CPU masks (cpumasks). The issue arises specifically in the function kvasprintf(), which is used to format strings dynamically. The vulnerability was discovered during fuzz testing, which revealed inconsistent return values from vsnprintf() when formatting CPU mask data. The root cause is that the core_cpumask, a data structure representing CPU affinity, can be modified (e.g., due to CPU hotplug events) between the initial length calculation of the formatted string and the actual formatting step. This leads to a mismatch in expected string lengths, causing warnings and potentially unstable behavior during kernel operations that read CPU topology information, such as core_siblings_list. The fix involves caching the cpumask into a temporary variable before printing, ensuring the cpumask remains unchanged during the formatting process. This prevents discrepancies in string length calculations and avoids the warning and potential instability. The vulnerability does not appear to have known exploits in the wild and does not have an assigned CVSS score yet. It affects Linux kernel versions identified by the commit hash bb9ec13d156e85dfd6a8afd0bb61ccf5736ed257 and similar builds.
Potential Impact
For European organizations, the impact of CVE-2024-57917 is primarily related to system stability and reliability rather than direct security breaches such as privilege escalation or data leakage. Systems running affected Linux kernel versions may experience kernel warnings or errors during CPU topology queries, especially in environments where CPU hotplugging is common (e.g., cloud infrastructure, virtualized environments, or high-availability servers). This could lead to degraded performance or unexpected behavior in kernel subsystems that rely on accurate CPU affinity information. While the vulnerability does not directly enable attackers to compromise confidentiality or integrity, it may increase the risk of denial-of-service conditions if kernel components become unstable or crash due to inconsistent cpumask data. European organizations with critical infrastructure, data centers, or cloud services relying on Linux servers could face operational disruptions if this issue is triggered. However, the lack of known exploits and the nature of the vulnerability suggest the risk of active exploitation is low at present.
Mitigation Recommendations
To mitigate CVE-2024-57917, European organizations should promptly apply the Linux kernel patches that address this vulnerability once they become available from trusted sources such as the Linux kernel maintainers or their Linux distribution vendors. Specifically, ensure that the kernel version includes the fix that caches the cpumask before printing to prevent modification during formatting. Organizations operating environments with CPU hotplugging or dynamic CPU affinity changes should prioritize patching to avoid potential instability. Additionally, system administrators should monitor kernel logs for warnings related to kvasprintf or cpumask printing anomalies as early indicators of this issue. For environments where immediate patching is not feasible, consider limiting CPU hotplug operations or scheduling them during maintenance windows to reduce the likelihood of triggering the vulnerability. Regularly updating Linux kernels and maintaining robust change management processes will help minimize exposure to this and similar kernel-level issues.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2025-01-19T11:50:08.375Z
- Cisa Enriched
- false
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d9823c4522896dcbdea2b
Added to database: 5/21/2025, 9:08:51 AM
Last enriched: 6/28/2025, 8:56:10 AM
Last updated: 8/16/2025, 3:51:36 AM
Views: 12
Related Threats
CVE-2025-53948: CWE-415 Double Free in Santesoft Sante PACS Server
HighCVE-2025-52584: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt
HighCVE-2025-46269: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt
HighCVE-2025-54862: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server
MediumCVE-2025-54759: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.