{"uuid": "b6821faa-23fa-42d6-8808-634c8cf40d44", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-57877", "type": "seen", "source": "https://t.me/cvedetector/15085", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-57877 - Linux Kernel arm64: ptrace: POR_EL0 Information Leak\", \n  \"Content\": \"CVE ID : CVE-2024-57877 \nPublished : Jan. 11, 2025, 3:15 p.m. | 42\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \narm64: ptrace: fix partial SETREGSET for NT_ARM_POE  \n  \nCurrently poe_set() doesn't initialize the temporary 'ctrl' variable,  \nand a SETREGSET call with a length of zero will leave this  \nuninitialized. Consequently an arbitrary value will be written back to  \ntarget->thread.por_el0, potentially leaking up to 64 bits of memory from  \nthe kernel stack. The read is limited to a specific slot on the stack,  \nand the issue does not provide a write mechanism.  \n  \nFix this by initializing the temporary value before copying the regset  \nfrom userspace, as for other regsets (e.g. NT_PRSTATUS, NT_PRFPREG,  \nNT_ARM_SYSTEM_CALL). In the case of a zero-length write, the existing  \ncontents of POR_EL1 will be retained.  \n  \nBefore this patch:  \n  \n| # ./poe-test  \n| Attempting to write NT_ARM_POE::por_el0 = 0x900d900d900d900d  \n| SETREGSET(nt=0x40f, len=8) wrote 8 bytes  \n|  \n| Attempting to read NT_ARM_POE::por_el0  \n| GETREGSET(nt=0x40f, len=8) read 8 bytes  \n| Read NT_ARM_POE::por_el0 = 0x900d900d900d900d  \n|  \n| Attempting to write NT_ARM_POE (zero length)  \n| SETREGSET(nt=0x40f, len=0) wrote 0 bytes  \n|  \n| Attempting to read NT_ARM_POE::por_el0  \n| GETREGSET(nt=0x40f, len=8) read 8 bytes  \n| Read NT_ARM_POE::por_el0 = 0xffff8000839c3d50  \n  \nAfter this patch:  \n  \n| # ./poe-test  \n| Attempting to write NT_ARM_POE::por_el0 = 0x900d900d900d900d  \n| SETREGSET(nt=0x40f, len=8) wrote 8 bytes  \n|  \n| Attempting to read NT_ARM_POE::por_el0  \n| GETREGSET(nt=0x40f, len=8) read 8 bytes  \n| Read NT_ARM_POE::por_el0 = 0x900d900d900d900d  \n|  \n| Attempting to write NT_ARM_POE (zero length)  \n| SETREGSET(nt=0x40f, len=0) wrote 0 bytes  \n|  \n| Attempting to read NT_ARM_POE::por_el0  \n| GETREGSET(nt=0x40f, len=8) read 8 bytes  \n| Read NT_ARM_POE::por_el0 = 0x900d900d900d900d \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-11T17:26:28.000000Z"}