What is the severity of CVE-2024-57878?

CVE-2024-57878 is considered to have a moderate severity level due to its potential impact on the functionality of the Linux kernel.

How do I fix CVE-2024-57878?

To fix CVE-2024-57878, update your Linux kernel to version 6.12.5 or higher.

Which versions of the Linux kernel are affected by CVE-2024-57878?

CVE-2024-57878 affects Linux kernel versions from 6.9 up to 6.12.5, including a specific instance in 6.13-rc1.

What is the nature of the vulnerability in CVE-2024-57878?

CVE-2024-57878 involves a flaw in the ptrace functionality, specifically a failure to initialize a variable which can lead to potential issues.

Who reported CVE-2024-57878?

The details for CVE-2024-57878 were resolved and reported by contributors to the Linux kernel development community.

Vulnerability/
CVE-2024-57878

medium

6.1

CWE

908

11/1/2025

3/2/2025

CVE-2024-57878: arm64: ptrace: fix partial SETREGSET for NT_ARM_FPMR

First published: Sat Jan 11 2025(Updated: )

In the Linux kernel, the following vulnerability has been resolved: arm64: ptrace: fix partial SETREGSET for NT_ARM_FPMR Currently fpmr_set() doesn't initialize the temporary 'fpmr' variable, and a SETREGSET call with a length of zero will leave this uninitialized. Consequently an arbitrary value will be written back to target->thread.uw.fpmr, potentially leaking up to 64 bits of memory from the kernel stack. The read is limited to a specific slot on the stack, and the issue does not provide a write mechanism. Fix this by initializing the temporary value before copying the regset from userspace, as for other regsets (e.g. NT_PRSTATUS, NT_PRFPREG, NT_ARM_SYSTEM_CALL). In the case of a zero-length write, the existing contents of FPMR will be retained. Before this patch: | # ./fpmr-test | Attempting to write NT_ARM_FPMR::fpmr = 0x900d900d900d900d | SETREGSET(nt=0x40e, len=8) wrote 8 bytes | | Attempting to read NT_ARM_FPMR::fpmr | GETREGSET(nt=0x40e, len=8) read 8 bytes | Read NT_ARM_FPMR::fpmr = 0x900d900d900d900d | | Attempting to write NT_ARM_FPMR (zero length) | SETREGSET(nt=0x40e, len=0) wrote 0 bytes | | Attempting to read NT_ARM_FPMR::fpmr | GETREGSET(nt=0x40e, len=8) read 8 bytes | Read NT_ARM_FPMR::fpmr = 0xffff800083963d50 After this patch: | # ./fpmr-test | Attempting to write NT_ARM_FPMR::fpmr = 0x900d900d900d900d | SETREGSET(nt=0x40e, len=8) wrote 8 bytes | | Attempting to read NT_ARM_FPMR::fpmr | GETREGSET(nt=0x40e, len=8) read 8 bytes | Read NT_ARM_FPMR::fpmr = 0x900d900d900d900d | | Attempting to write NT_ARM_FPMR (zero length) | SETREGSET(nt=0x40e, len=0) wrote 0 bytes | | Attempting to read NT_ARM_FPMR::fpmr | GETREGSET(nt=0x40e, len=8) read 8 bytes | Read NT_ARM_FPMR::fpmr = 0x900d900d900d900d

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected Software	Affected Version	How to fix
Linux Kernel	>=6.9<6.12.5
Linux Kernel	=6.13-rc1
Linux Kernel

Remedy

https://git.kernel.org/stable/c/8ab73c34e3c5b580721696665eabd799346bc50b

Remedy

https://git.kernel.org/stable/c/f5d71291841aecfe5d8435da2dfa7f58ccd18bc8

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-57878?
CVE-2024-57878 is considered to have a moderate severity level due to its potential impact on the functionality of the Linux kernel.
How do I fix CVE-2024-57878?
To fix CVE-2024-57878, update your Linux kernel to version 6.12.5 or higher.
Which versions of the Linux kernel are affected by CVE-2024-57878?
CVE-2024-57878 affects Linux kernel versions from 6.9 up to 6.12.5, including a specific instance in 6.13-rc1.
What is the nature of the vulnerability in CVE-2024-57878?
CVE-2024-57878 involves a flaw in the ptrace functionality, specifically a failure to initialize a variable which can lead to potential issues.
Who reported CVE-2024-57878?
The details for CVE-2024-57878 were resolved and reported by contributors to the Linux kernel development community.

agent/title
agent/references
agent/description
agent/type
agent/first-publish-date
agent/author
agent/source
collector/mitre-cve
source/MITRE
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/severity
agent/remedy
agent/weakness
agent/last-modified-date
agent/softwarecombine
agent/event
agent/guess-ai
agent/software-canonical-lookup-request
agent/tags
vendor/linux
canonical/linux kernel
version/linux kernel/6.9
version/linux kernel/6.13-rc1
vendor/linux foundation

Frequently Asked Questions

What is the severity of CVE-2024-57878?
CVE-2024-57878 is considered to have a moderate severity level due to its potential impact on the functionality of the Linux kernel.
How do I fix CVE-2024-57878?
To fix CVE-2024-57878, update your Linux kernel to version 6.12.5 or higher.
Which versions of the Linux kernel are affected by CVE-2024-57878?
CVE-2024-57878 affects Linux kernel versions from 6.9 up to 6.12.5, including a specific instance in 6.13-rc1.
What is the nature of the vulnerability in CVE-2024-57878?
CVE-2024-57878 involves a flaw in the ptrace functionality, specifically a failure to initialize a variable which can lead to potential issues.
Who reported CVE-2024-57878?
The details for CVE-2024-57878 were resolved and reported by contributors to the Linux kernel development community.

CVE-2024-57878: arm64: ptrace: fix partial SETREGSET for NT_ARM_FPMR

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-57878?

How do I fix CVE-2024-57878?

Which versions of the Linux kernel are affected by CVE-2024-57878?

What is the nature of the vulnerability in CVE-2024-57878?

Who reported CVE-2024-57878?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2024-57878?

How do I fix CVE-2024-57878?

Which versions of the Linux kernel are affected by CVE-2024-57878?

What is the nature of the vulnerability in CVE-2024-57878?

Who reported CVE-2024-57878?