CVE-2024-46822 in Linuxinfo

Summary

by MITRE • 09/27/2024

In the Linux kernel, the following vulnerability has been resolved:

arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry

In a review discussion of the changes to support vCPU hotplug where a check was added on the GICC being enabled if was online, it was noted that there is need to map back to the cpu and use that to index into a cpumask. As such, a valid ID is needed.

If an MPIDR check fails in acpi_map_gic_cpu_interface() it is possible for the entry in cpu_madt_gicc[cpu] == NULL. This function would
then cause a NULL pointer dereference. Whilst a path to trigger this has not been established, harden this caller against the possibility.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Analysis

by VulDB Data Team • 04/04/2026

The vulnerability described in CVE-2024-46822 represents a critical null pointer dereference issue within the Linux kernel's ARM64 ACPI subsystem that could potentially lead to system instability or denial of service conditions. This flaw specifically affects the acpi_map_gic_cpu_interface() function which is responsible for mapping GIC CPU interfaces during ACPI-based system initialization. The vulnerability arises from insufficient validation of CPU entry mappings when processing ACPI MADT (Multiple APIC Description Table) entries, particularly in scenarios involving virtual CPU hotplugging operations.

The technical implementation of this vulnerability stems from the improper handling of MPIDR (Multiprocessor ID Register) validation within the ARM64 ACPI subsystem. When the MPIDR check fails during the acpi_map_gic_cpu_interface() function execution, the cpu_madt_gicc[cpu] array element can become NULL, creating a scenario where subsequent code attempts to dereference this null pointer during the get_cpu_for_acpi_id() function call. This occurs because the system fails to properly validate that a valid CPU entry exists before attempting to map back to the CPU and index into the cpumask structure. The flaw demonstrates a classic lack of input validation and error handling that violates fundamental security principles and can be categorized under CWE-476 as NULL Pointer Dereference.

The operational impact of this vulnerability extends beyond simple system crashes, potentially enabling attackers to cause system instability or denial of service conditions in environments utilizing ARM64 architectures with ACPI-based systems. The vulnerability is particularly concerning in virtualized environments where vCPU hotplug operations are common, as the conditions that trigger the null pointer dereference may be more easily reproducible in such scenarios. Attackers could potentially exploit this weakness to force kernel panics or system reboots, disrupting critical services and potentially providing a foothold for further exploitation. This aligns with ATT&CK technique T1499.004 which involves network denial of service attacks, as system instability could be leveraged to create availability disruptions.

The kernel's ARM64 ACPI implementation requires robust error handling to prevent null pointer dereferences during CPU mapping operations. The fix involves implementing proper validation checks to ensure that CPU entries are valid before attempting to access them in the cpu_madt_gicc array. This includes verifying that the MPIDR validation succeeds and that corresponding CPU entries exist in the MADT before proceeding with any mapping operations. The remediation should also include proper error propagation mechanisms that prevent the system from attempting to dereference null pointers, thereby maintaining system stability and preventing potential privilege escalation scenarios. Organizations should prioritize applying the kernel patches that address this vulnerability, particularly those systems running ARM64 architectures with ACPI support, as the potential for exploitation remains significant given the nature of the null pointer dereference.

Responsible

Linux

Reservation

09/11/2024

Disclosure

09/27/2024

Moderation

accepted

CPE

ready

EPSS

0.00243

KEV

no

Activities

very low

Sources

Want to know what is going to be exploited?

We predict KEV entries!