| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 4.9 | $0-$5k | 0.00 |
Summary
A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.12.12/6.13.1. This affects an unknown part. This manipulation causes data authenticity. The identification of this vulnerability is CVE-2024-57999. There is no exploit available. It is advisable to upgrade the affected component.
Details
A vulnerability classified as problematic was found in Linux Kernel up to 6.12.12/6.13.1. Affected by this vulnerability is an unknown functionality. The manipulation with an unknown input leads to a data authenticity vulnerability. The CWE definition for the vulnerability is CWE-345. The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data. The impact remains unknown. The summary by CVE is:
In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW Power Hypervisor can possibily allocate MMIO window intersecting with Dynamic DMA Window (DDW) range, which is over 32-bit addressing. These MMIO pages needs to be marked as reserved so that IOMMU doesn't map DMA buffers in this range. The current code is not marking these pages correctly which is resulting in LPAR to OOPS while booting. The stack is at below BUG: Unable to handle kernel data access on read at 0xc00800005cd40000 Faulting instruction address: 0xc00000000005cdac Oops: Kernel access of bad area, sig: 11 [#1] LE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA pSeries Modules linked in: af_packet rfkill ibmveth(X) lpfc(+) nvmet_fc nvmet nvme_keyring crct10dif_vpmsum nvme_fc nvme_fabrics nvme_core be2net(+) nvme_auth rtc_generic nfsd auth_rpcgss nfs_acl lockd grace sunrpc fuse configfs ip_tables x_tables xfs libcrc32c dm_service_time ibmvfc(X) scsi_transport_fc vmx_crypto gf128mul crc32c_vpmsum dm_mirror dm_region_hash dm_log dm_multipath dm_mod sd_mod scsi_dh_emc scsi_dh_rdac scsi_dh_alua t10_pi crc64_rocksoft_generic crc64_rocksoft sg crc64 scsi_mod Supported: Yes, External CPU: 8 PID: 241 Comm: kworker/8:1 Kdump: loaded Not tainted 6.4.0-150600.23.14-default #1 SLE15-SP6 b44ee71c81261b9e4bab5e0cde1f2ed891d5359b Hardware name: IBM,9080-M9S POWER9 (raw) 0x4e2103 0xf000005 of:IBM,FW950.B0 (VH950_149) hv:phyp pSeries Workqueue: events work_for_cpu_fn NIP: c00000000005cdac LR: c00000000005e830 CTR: 0000000000000000 REGS: c00001400c9ff770 TRAP: 0300 Not tainted (6.4.0-150600.23.14-default) MSR: 800000000280b033 CR: 24228448 XER: 00000001 CFAR: c00000000005cdd4 DAR: c00800005cd40000 DSISR: 40000000 IRQMASK: 0 GPR00: c00000000005e830 c00001400c9ffa10 c000000001987d00 c00001400c4fe800 GPR04: 0000080000000000 0000000000000001 0000000004000000 0000000000800000 GPR08: 0000000004000000 0000000000000001 c00800005cd40000 ffffffffffffffff GPR12: 0000000084228882 c00000000a4c4f00 0000000000000010 0000080000000000 GPR16: c00001400c4fe800 0000000004000000 0800000000000000 c00000006088b800 GPR20: c00001401a7be980 c00001400eff3800 c000000002a2da68 000000000000002b GPR24: c0000000026793a8 c000000002679368 000000000000002a c0000000026793c8 GPR28: 000008007effffff 0000080000000000 0000000000800000 c00001400c4fe800 NIP [c00000000005cdac] iommu_table_reserve_pages+0xac/0x100 LR [c00000000005e830] iommu_init_table+0x80/0x1e0 Call Trace: [c00001400c9ffa10] [c00000000005e810] iommu_init_table+0x60/0x1e0 (unreliable) [c00001400c9ffa90] [c00000000010356c] iommu_bypass_supported_pSeriesLP+0x9cc/0xe40 [c00001400c9ffc30] [c00000000005c300] dma_iommu_dma_supported+0xf0/0x230 [c00001400c9ffcb0] [c00000000024b0c4] dma_supported+0x44/0x90 [c00001400c9ffcd0] [c00000000024b14c] dma_set_mask+0x3c/0x80 [c00001400c9ffd00] [c0080000555b715c] be_probe+0xc4/0xb90 [be2net] [c00001400c9ffdc0] [c000000000986f3c] local_pci_probe+0x6c/0x110 [c00001400c9ffe40] [c000000000188f28] work_for_cpu_fn+0x38/0x60 [c00001400c9ffe70] [c00000000018e454] process_one_work+0x314/0x620 [c00001400c9fff10] [c00000000018f280] worker_thread+0x2b0/0x620 [c00001400c9fff90] [c00000000019bb18] kthread+0x148/0x150 [c00001400c9fffe0] [c00000000000ded8] start_kernel_thread+0x14/0x18 There are 2 issues in the code 1. The index is "int" while the address is "unsigned long". This results in negative value when setting the bitmap. 2. The DMA offset is page shifted but the MMIO range is used as-is (64-bit address). MMIO address needs to be page shifted as well.
It is possible to read the advisory at git.kernel.org. This vulnerability is known as CVE-2024-57999 since 02/27/2025. The exploitation appears to be difficult. The technical details are unknown and an exploit is not publicly available.
The vulnerability scanner Nessus provides a plugin with the ID 236983 (Ubuntu 24.04 LTS / 24.10 : Linux kernel vulnerabilities (USN-7521-1)), which helps to determine the existence of the flaw in a target environment.
Upgrading to version 6.12.13, 6.13.2 or 6.14-rc1 eliminates this vulnerability. Applying the patch 7043d58ecd1381674f5b2c894deb6986a1a4896b/d8cc20a8cceb3b5e8ad2e11365e3100ba36a27e9/8f70caad82e9c088ed93b4fea48d941ab6441886 is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version.
The vulnerability is also documented in the databases at Tenable (236983) and CERT Bund (WID-SEC-2025-0453). Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Affected
- Google Container-Optimized OS
- Debian Linux
- Amazon Linux 2
- Red Hat Enterprise Linux
- Ubuntu Linux
- SUSE Linux
- Oracle Linux
- Siemens SIMATIC S7
- RESF Rocky Linux
- Dell NetWorker
- Dell Avamar
- Red Hat OpenShift
- IBM QRadar SIEM
- SolarWinds Security Event Manager
- Dell PowerProtect Data Domain
- Open Source Linux Kernel
- IBM DataPower Gateway
- Dell Secure Connect Gateway
- Dell PowerScale OneFS
- Dell ECS
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.kernel.org/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.0VulDB Meta Temp Score: 4.9
VulDB Base Score: 4.6
VulDB Temp Score: 4.4
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 5.5
NVD Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Data authenticityCWE: CWE-345
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: Partially
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 236983
Nessus Name: Ubuntu 24.04 LTS / 24.10 : Linux kernel vulnerabilities (USN-7521-1)
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: Kernel 6.12.13/6.13.2/6.14-rc1
Patch: 7043d58ecd1381674f5b2c894deb6986a1a4896b/d8cc20a8cceb3b5e8ad2e11365e3100ba36a27e9/8f70caad82e9c088ed93b4fea48d941ab6441886
Timeline
02/27/2025 🔍02/27/2025 🔍
02/27/2025 🔍
05/24/2026 🔍
Sources
Vendor: kernel.orgAdvisory: git.kernel.org
Status: Confirmed
CVE: CVE-2024-57999 (🔍)
GCVE (CVE): GCVE-0-2024-57999
GCVE (VulDB): GCVE-100-297739
CERT Bund: WID-SEC-2025-0453 - Linux Kernel: Mehrere Schwachstellen
Entry
Created: 02/27/2025 08:44Updated: 05/24/2026 20:28
Changes: 02/27/2025 08:44 (56), 05/20/2025 23:01 (2), 08/13/2025 13:30 (7), 09/30/2025 08:52 (1), 10/09/2025 23:00 (1), 10/23/2025 19:59 (12), 10/25/2025 05:37 (1), 11/09/2025 21:34 (1), 01/18/2026 00:46 (1), 05/24/2026 20:28 (1)
Complete: 🔍
Cache ID: 216::103
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

No comments yet. Languages: en.
Please log in to comment.