CVE-2024-26712 in Linux
Summary
by MITRE • 04/03/2024
In the Linux kernel, the following vulnerability has been resolved:
powerpc/kasan: Fix addr error caused by page alignment
In kasan_init_region, when k_start is not page aligned, at the begin of for loop, k_cur = k_start & PAGE_MASK is less than k_start, and then `va = block + k_cur - k_start` is less than block, the addr va is invalid, because the memory address space from va to block is not alloced by memblock_alloc, which will not be reserved by memblock_reserve later, it will be used by other places.
As a result, memory overwriting occurs.
for example: int __init __weak kasan_init_region(void *start, size_t size) {
[...]
/* if say block(dcd97000) k_start(feef7400) k_end(feeff3fe) */ block = memblock_alloc(k_end - k_start, PAGE_SIZE); [...]
for (k_cur = k_start & PAGE_MASK; k_cur < k_end; k_cur += PAGE_SIZE) {
/* at the begin of for loop * block(dcd97000) va(dcd96c00) k_cur(feef7000) k_start(feef7400) * va(dcd96c00) is less than block(dcd97000), va is invalid */ void *va = block + k_cur - k_start; [...]
} [...]
}
Therefore, page alignment is performed on k_start before memblock_alloc() to ensure the validity of the VA address.
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 08/03/2025
The vulnerability CVE-2024-26712 represents a critical memory management flaw in the Linux kernel's powerpc architecture implementation of Kernel Address Sanitizer (KASAN). This issue specifically affects the kasan_init_region function where improper handling of page alignment leads to invalid memory address calculations. The vulnerability stems from a fundamental flaw in how the kernel computes virtual addresses during memory initialization, creating conditions where memory overwriting can occur. When the starting address k_start is not page aligned, the arithmetic operations within the for loop generate invalid virtual addresses that point to memory regions not properly reserved by the kernel's memory management subsystem.
The technical execution of this vulnerability occurs during the initialization phase of KASAN memory regions on powerpc systems. The function kasan_init_region attempts to allocate memory using memblock_alloc with a calculated size based on k_end - k_start, but fails to account for page alignment requirements before performing address calculations. When k_start is not aligned to PAGE_SIZE boundaries, the variable k_cur becomes misaligned during the loop execution, causing the expression va = block + k_cur - k_start to produce addresses that fall below the allocated block boundary. This mathematical error creates a scenario where virtual addresses reference memory regions that were never allocated through memblock_alloc and subsequently not reserved, making them available for reuse by other kernel components.
The operational impact of CVE-2024-26712 extends beyond simple memory corruption, potentially enabling arbitrary code execution and system instability. Memory overwriting caused by this vulnerability can corrupt critical kernel data structures, leading to privilege escalation attacks or complete system crashes. The vulnerability affects systems running Linux kernels on powerpc architectures where KASAN is enabled, making it particularly concerning for security-sensitive environments that rely on kernel memory protection mechanisms. Attackers could exploit this flaw to gain elevated privileges or cause denial of service conditions by manipulating memory layout during kernel initialization processes. This vulnerability directly relates to CWE-121 and CWE-122 categories, which cover stack buffer overflow and heap buffer overflow conditions, respectively, as the improper memory handling creates conditions for unauthorized memory access patterns.
Mitigation strategies for CVE-2024-26712 require immediate kernel updates from vendors who have patched this specific alignment issue. The fix implements proper page alignment of k_start before memblock_alloc() is called, ensuring that all virtual address calculations within the kasan_init_region function remain within valid memory boundaries. System administrators should prioritize applying kernel patches that address this memory management inconsistency and verify that powerpc systems have proper memory alignment handling during KASAN initialization. Monitoring for unusual memory access patterns or kernel crashes during boot processes can help detect exploitation attempts. Additionally, organizations should review their kernel configuration to ensure that KASAN is properly implemented with appropriate alignment checks, as this vulnerability demonstrates the critical importance of proper memory boundary handling in kernel space operations. The ATT&CK framework categorizes this vulnerability under T1068 (Exploitation for Privilege Escalation) and T1499 (Endpoint Denial of Service) techniques, as it can enable both privilege escalation and system stability compromise through memory corruption.