CVE-2024-49862 in Linux

Summary

by MITRE • 10/21/2024

In the Linux kernel, the following vulnerability has been resolved:

powercap: intel_rapl: Fix off by one in get_rpi()

The rp->priv->rpi array is either rpi_msr or rpi_tpmi, which have NR_RAPL_PRIMITIVES number of elements. Thus the > needs to be >= to prevent an off-by-one access.


Analysis

by VulDB Data Team • 01/19/2026

The vulnerability identified as CVE-2024-49862 resides within the Linux kernel's powercap subsystem, specifically affecting the intel_rapl driver responsible for managing Intel Running Average Power Limit (RAPL) functionality. This issue represents a classic buffer overread condition that could potentially lead to system instability or information disclosure. The powercap framework in Linux provides interfaces for monitoring and controlling power consumption across various hardware components, with intel_rapl specifically handling Intel processor power management capabilities. The RAPL subsystem is critical for power-aware computing environments where precise power monitoring and control are essential for both performance optimization and energy efficiency.

The technical flaw manifests in the get_rpi() function, where the array boundary check is performed incorrectly. The rp->priv->rpi array points to either rpi_msr or rpi_tpmi, each of which has NR_RAPL_PRIMITIVES elements. The affected implementation compares the index with a greater-than operator instead of greater-than-or-equal, so an index equal to NR_RAPL_PRIMITIVES passes the check and produces an off-by-one access. This logical flaw allows array access beyond the allocated memory boundary, potentially resulting in reads of invalid memory locations or corruption of adjacent data structures. Such memory safety issues are particularly dangerous in kernel space, where they can lead to privilege escalation or system crashes.
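As an added illustration (not the kernel's own code), the following C sketch models the get_rpi() bounds check described above, with the pre-fix `>` comparison beside the corrected `>=`. The struct layout, the value of NR_RAPL_PRIMITIVES and the sample table are reduced stand-ins assumed for the demonstration, not the driver's real definitions.

```c
#include <stddef.h>
#include <stdio.h>
#define NR_RAPL_PRIMITIVES 4   /* constructed stand-in; the real count is larger */

struct rapl_primitive_info { const char *name; };
struct rapl_priv { struct rapl_primitive_info *rpi; }; /* rpi_msr or rpi_tpmi */
struct rapl_package { struct rapl_priv *priv; };

/* Pre-fix check: '>' lets prim == NR_RAPL_PRIMITIVES through, so the caller
 * receives a pointer one element past the end of the rpi array. */
struct rapl_primitive_info *get_rpi_vulnerable(struct rapl_package *rp, int prim)
{
    struct rapl_primitive_info *rpi = rp->priv->rpi;
    if (prim < 0 || prim > NR_RAPL_PRIMITIVES || !rpi)
        return NULL;
    return &rpi[prim];
}

/* Post-fix check: '>=' rejects the first index past the last valid element. */
struct rapl_primitive_info *get_rpi_fixed(struct rapl_package *rp, int prim)
{
    struct rapl_primitive_info *rpi = rp->priv->rpi;
    if (prim < 0 || prim >= NR_RAPL_PRIMITIVES || !rpi)
        return NULL;
    return &rpi[prim];
}

/* Constructed sample table standing in for rpi_msr / rpi_tpmi. */
struct rapl_primitive_info sample_rpi[NR_RAPL_PRIMITIVES] = {
    {"prim0"}, {"prim1"}, {"prim2"}, {"prim3"},
};
struct rapl_priv sample_priv = { sample_rpi };
struct rapl_package sample_pkg = { &sample_priv };

/* Returns 1 when the pre-fix check hands back a pointer past the end of the
 * array for prim == NR_RAPL_PRIMITIVES. The pointer is compared, never dereferenced. */
int vulnerable_check_escapes_bounds(void)
{
    struct rapl_primitive_info *p = get_rpi_vulnerable(&sample_pkg, NR_RAPL_PRIMITIVES);
    return p == sample_rpi + NR_RAPL_PRIMITIVES;
}

int main(void)
{
    printf("pre-fix check escapes bounds: %d\n", vulnerable_check_escapes_bounds());
    printf("post-fix rejects index %d: %d\n", NR_RAPL_PRIMITIVES,
           get_rpi_fixed(&sample_pkg, NR_RAPL_PRIMITIVES) == NULL);
    return 0;
}
```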

The operational impact of this vulnerability extends beyond simple memory corruption, as it could enable attackers to exploit the buffer overread condition to gain unauthorized access to kernel memory spaces. The intel_rapl driver operates with elevated privileges and handles critical power management functions, making this vulnerability particularly concerning for systems where security is paramount. Attackers could potentially leverage this flaw to extract sensitive information from kernel memory, disrupt power management operations, or establish persistent access to the system. The vulnerability affects systems running Linux kernels with the intel_rapl driver enabled, particularly those utilizing Intel processors with RAPL capabilities.

Mitigation strategies should prioritize immediate kernel updates from trusted sources, as this vulnerability requires a fix in the kernel code itself. System administrators should monitor for patches from their distribution vendors and apply updates promptly to address the buffer overread condition. Additionally, implementing runtime protections such as kernel address space layout randomization and stack canaries can provide defense-in-depth measures. Organizations should also consider disabling unused power management features when possible and regularly audit their kernel configurations to minimize attack surface. This vulnerability aligns with CWE-129, which covers improper validation of array indices, and could potentially map to ATT&CK technique T1068, which involves exploiting legitimate credentials for privilege escalation. The fix involves correcting the boundary condition in the get_rpi() function to ensure proper array access validation.

Responsible

Linux

Reservation

10/21/2024

Disclosure

10/21/2024

Moderation

accepted

CPE

ready

EPSS

0.00228

KEV

no

Activities

very low
