{"uuid": "e0acdd48-caa9-46a8-b52c-6fc90f0611b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57878", "type": "seen", "source": "https://t.me/cvedetector/15086", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-57878 - Linux Kernel Arm64 Ptrace FPMR Initialization Leak\", \n  \"Content\": \"CVE ID : CVE-2024-57878 \nPublished : Jan. 11, 2025, 3:15 p.m. | 42\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \narm64: ptrace: fix partial SETREGSET for NT_ARM_FPMR  \n  \nCurrently fpmr_set() doesn't initialize the temporary 'fpmr' variable,  \nand a SETREGSET call with a length of zero will leave this  \nuninitialized. Consequently an arbitrary value will be written back to  \ntarget->thread.uw.fpmr, potentially leaking up to 64 bits of memory from  \nthe kernel stack. The read is limited to a specific slot on the stack,  \nand the issue does not provide a write mechanism.  \n  \nFix this by initializing the temporary value before copying the regset  \nfrom userspace, as for other regsets (e.g. NT_PRSTATUS, NT_PRFPREG,  \nNT_ARM_SYSTEM_CALL). In the case of a zero-length write, the existing  \ncontents of FPMR will be retained.  \n  \nBefore this patch:  \n  \n| # ./fpmr-test  \n| Attempting to write NT_ARM_FPMR::fpmr = 0x900d900d900d900d  \n| SETREGSET(nt=0x40e, len=8) wrote 8 bytes  \n|  \n| Attempting to read NT_ARM_FPMR::fpmr  \n| GETREGSET(nt=0x40e, len=8) read 8 bytes  \n| Read NT_ARM_FPMR::fpmr = 0x900d900d900d900d  \n|  \n| Attempting to write NT_ARM_FPMR (zero length)  \n| SETREGSET(nt=0x40e, len=0) wrote 0 bytes  \n|  \n| Attempting to read NT_ARM_FPMR::fpmr  \n| GETREGSET(nt=0x40e, len=8) read 8 bytes  \n| Read NT_ARM_FPMR::fpmr = 0xffff800083963d50  \n  \nAfter this patch:  \n  \n| # ./fpmr-test  \n| Attempting to write NT_ARM_FPMR::fpmr = 0x900d900d900d900d  \n| SETREGSET(nt=0x40e, len=8) wrote 8 bytes  \n|  \n| Attempting to read NT_ARM_FPMR::fpmr  \n| GETREGSET(nt=0x40e, len=8) read 8 bytes  \n| Read NT_ARM_FPMR::fpmr = 0x900d900d900d900d  \n|  \n| Attempting to write NT_ARM_FPMR (zero length)  \n| SETREGSET(nt=0x40e, len=0) wrote 0 bytes  \n|  \n| Attempting to read NT_ARM_FPMR::fpmr  \n| GETREGSET(nt=0x40e, len=8) read 8 bytes  \n| Read NT_ARM_FPMR::fpmr = 0x900d900d900d900d \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-11T17:26:32.000000Z"}