CVE-2024-56662 in Linux
Summary
by MITRE • 12/27/2024
In the Linux kernel, the following vulnerability has been resolved:
acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl
Fix an issue detected by syzbot with KASAN:
BUG: KASAN: vmalloc-out-of-bounds in cmd_to_func drivers/acpi/nfit/core.c:416 [inline]
BUG: KASAN: vmalloc-out-of-bounds in acpi_nfit_ctl+0x20e8/0x24a0 drivers/acpi/nfit/core.c:459
The issue occurs in cmd_to_func when the call_pkg->nd_reserved2 array is accessed without verifying that call_pkg points to a buffer that is appropriately sized as a struct nd_cmd_pkg. This can lead to out-of-bounds access and undefined behavior if the buffer does not have sufficient space.
To address this, a check was added in acpi_nfit_ctl() to ensure that buf is not NULL and that buf_len is less than sizeof(*call_pkg) before accessing it. This ensures safe access to the members of call_pkg, including the nd_reserved2 array.
Analysis
by VulDB Data Team • 01/12/2026
The vulnerability identified as CVE-2024-56662 resides within the Linux kernel's ACPI NVDIMM Interface Translation (nfit) subsystem, specifically affecting the acpi_nfit_ctl function in the core.c file. This represents a critical memory safety issue that could potentially be exploited to achieve arbitrary code execution or system instability. The flaw manifests as a vmalloc-out-of-bounds read condition that was detected through automated kernel testing via syzbot and KASAN memory error detection mechanisms. The vulnerability occurs during the processing of NVDIMM commands where the kernel attempts to access memory beyond the allocated buffer boundaries, creating a potential attack surface for privilege escalation or denial of service scenarios.
The technical root cause is inadequate input validation in cmd_to_func (drivers/acpi/nfit/core.c, line 416). The function does not verify that the call_pkg pointer references a buffer at least as large as struct nd_cmd_pkg before it accesses the nd_reserved2 array member. A caller-supplied buffer that is too short therefore causes the kernel to read beyond the allocated region, potentially returning uninitialized memory or the contents of neighbouring kernel data structures. The missing check belongs in the buffer validation logic that should confirm the input size before any member access is performed, so the flaw is a classic out-of-bounds read that violates basic memory safety.
Operationally, the flaw matters on Linux systems that use ACPI NVDIMM functionality, above all servers and enterprise deployments with persistent memory devices. The out-of-bounds read can lead to information disclosure, system crashes, or potentially more severe consequences if exploited by attackers with appropriate privileges. Because the read happens in kernel space, where memory corruption issues can result in complete system compromise, an attacker could use controlled buffer over-reads to expose kernel memory contents or corrupt critical data structures, and from there gain elevated privileges or cause system instability.
The fix implemented addresses this vulnerability by adding comprehensive input validation checks within the acpi_nfit_ctl function before accessing the call_pkg buffer. The solution ensures that buf is not NULL and that buf_len is properly validated against sizeof(*call_pkg) before any member access operations occur. This approach follows established security best practices for input validation and buffer boundary checking, directly addressing the root cause identified by KASAN memory error detection. The mitigation strategy aligns with CWE-129: Improper Validation of Array Index and CWE-787: Out-of-bounds Write or Read, ensuring that all buffer access operations are properly bounded and validated. The fix also corresponds to ATT&CK technique T1068: Exploitation for Privilege Escalation by preventing the conditions that could enable such exploitation paths. Organizations should prioritize applying this patch to all affected kernel versions, particularly in environments utilizing NVDIMM storage technologies where the nfit subsystem is actively engaged.
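As an added illustration, not part of the MITRE summary or the VulDB analysis above and not the kernel's own code, the following userland C model shows the check described in both the summary and the fix paragraph. The struct is a teaching copy of the UAPI nd_cmd_pkg layout (an assumption of this example), cmd_to_func is reduced to its reserved-field walk, and the two acpi_nfit_ctl variants show the buffer being used before and after the buf/buf_len check. The arena and the 16-byte input are constructed for the demonstration; the function names mirror the kernel's but the bodies are this example's.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Userland model of the UAPI struct nd_cmd_pkg (assumption: field order and
 * widths follow include/uapi/linux/ndctl.h; this is a teaching copy, not the
 * kernel header). sizeof is 64 bytes on LP64 platforms.
 */
struct nd_cmd_pkg {
    uint64_t nd_family;
    uint64_t nd_command;
    uint32_t nd_size_in;
    uint32_t nd_size_out;
    uint32_t nd_reserved2[9];   /* must be zero: this is the array read out of bounds */
    uint32_t nd_fw_size;
};

/* Model of cmd_to_func(): trusts call_pkg to be a full struct nd_cmd_pkg. */
static int cmd_to_func(const struct nd_cmd_pkg *call_pkg)
{
    size_t n = sizeof(call_pkg->nd_reserved2) / sizeof(call_pkg->nd_reserved2[0]);

    for (size_t i = 0; i < n; i++)
        if (call_pkg->nd_reserved2[i])
            return -EINVAL;
    return (int)call_pkg->nd_command;
}

/* Pre-fix shape: buf_len is never compared with the struct size. */
int acpi_nfit_ctl_unchecked(const void *buf, unsigned int buf_len)
{
    (void)buf_len;
    return cmd_to_func((const struct nd_cmd_pkg *)buf);
}

/* Post-fix shape: reject NULL and any buffer shorter than the struct. */
int acpi_nfit_ctl_fixed(const void *buf, unsigned int buf_len)
{
    if (!buf || buf_len < sizeof(struct nd_cmd_pkg))
        return -EINVAL;
    return cmd_to_func((const struct nd_cmd_pkg *)buf);
}

/* Arena: keeps the short "user buffer" inside real, aligned storage so the
 * demo itself stays well-defined; the bytes past buf_len stand in for
 * whatever happens to be adjacent in vmalloc space. */
union arena {
    struct nd_cmd_pkg pkg;
    unsigned char bytes[sizeof(struct nd_cmd_pkg)];
};

/* Constructed input: only nd_family and nd_command (16 bytes) are supplied.
 * Adjacent memory is zero here, so the unchecked path "validates"
 * nd_reserved2 using 36 bytes the caller never provided. */
static int short_buffer_result(int (*ctl)(const void *, unsigned int))
{
    union arena a;
    const uint64_t hdr[2] = { 1 /* nd_family */, 42 /* nd_command */ };

    memset(a.bytes, 0, sizeof a.bytes);
    memcpy(a.bytes, hdr, sizeof hdr);
    return ctl(a.bytes, (unsigned int)sizeof hdr);
}

int unchecked_on_short_buffer(void) { return short_buffer_result(acpi_nfit_ctl_unchecked); }
int fixed_on_short_buffer(void)     { return short_buffer_result(acpi_nfit_ctl_fixed); }

/* A correctly sized package; a non-zero reserved_value must be rejected by cmd_to_func. */
int fixed_on_full_buffer(uint32_t reserved_value)
{
    struct nd_cmd_pkg pkg;

    memset(&pkg, 0, sizeof pkg);
    pkg.nd_family = 1;
    pkg.nd_command = 42;
    pkg.nd_reserved2[3] = reserved_value;
    return acpi_nfit_ctl_fixed(&pkg, (unsigned int)sizeof pkg);
}

/* Highest byte offset cmd_to_func touches, versus the 16 bytes the short caller supplied. */
size_t bytes_read_by_cmd_to_func(void)
{
    return offsetof(struct nd_cmd_pkg, nd_reserved2) + sizeof(((struct nd_cmd_pkg *)0)->nd_reserved2);
}

int main(void)
{
    printf("cmd_to_func reads up to byte %zu, caller supplied 16\n", bytes_read_by_cmd_to_func());
    printf("unchecked, 16-byte buffer : %d (command accepted on out-of-bounds bytes)\n", unchecked_on_short_buffer());
    printf("fixed, 16-byte buffer     : %d (-EINVAL)\n", fixed_on_short_buffer());
    printf("fixed, full buffer        : %d\n", fixed_on_full_buffer(0));
    printf("fixed, reserved2 != 0     : %d (-EINVAL)\n", fixed_on_full_buffer(1));
    printf("fixed, NULL buffer        : %d (-EINVAL)\n", acpi_nfit_ctl_fixed(NULL, 64));
    return 0;
}
```

The zero-filled arena is the important design choice: with zeros beyond the 16 supplied bytes the unchecked path happily accepts command 42, which is exactly the failure KASAN flagged, a decision made on memory the caller never handed over. The fixed path refuses the same input up front, and the reserved-field check in cmd_to_func then only ever runs on a buffer that is known to cover the whole struct.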