{"vulnerability": "CVE-2024-57878", "sightings": [{"uuid": "f1c3d8b7-9bee-4f2f-8173-63f83cdaeca5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57878", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfhyrtq3ty2a", "content": "", "creation_timestamp": "2025-01-11T15:15:48.639483Z"}, {"uuid": "7c9a098c-4d4c-4903-9e03-5c861e3f7318", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57878", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfi22fylmb2w", "content": "", "creation_timestamp": "2025-01-11T15:38:30.345631Z"}, {"uuid": "482f881d-5edc-42ed-807b-1beada7db353", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57878", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/1317", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-57878\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\narm64: ptrace: fix partial SETREGSET for NT_ARM_FPMR\n\nCurrently fpmr_set() doesn't initialize the temporary 'fpmr' variable,\nand a SETREGSET call with a length of zero will leave this\nuninitialized. Consequently an arbitrary value will be written back to\ntarget->thread.uw.fpmr, potentially leaking up to 64 bits of memory from\nthe kernel stack. The read is limited to a specific slot on the stack,\nand the issue does not provide a write mechanism.\n\nFix this by initializing the temporary value before copying the regset\nfrom userspace, as for other regsets (e.g. NT_PRSTATUS, NT_PRFPREG,\nNT_ARM_SYSTEM_CALL). In the case of a zero-length write, the existing\ncontents of FPMR will be retained.\n\nBefore this patch:\n\n| # ./fpmr-test\n| Attempting to write NT_ARM_FPMR::fpmr = 0x900d900d900d900d\n| SETREGSET(nt=0x40e, len=8) wrote 8 bytes\n|\n| Attempting to read NT_ARM_FPMR::fpmr\n| GETREGSET(nt=0x40e, len=8) read 8 bytes\n| Read NT_ARM_FPMR::fpmr = 0x900d900d900d900d\n|\n| Attempting to write NT_ARM_FPMR (zero length)\n| SETREGSET(nt=0x40e, len=0) wrote 0 bytes\n|\n| Attempting to read NT_ARM_FPMR::fpmr\n| GETREGSET(nt=0x40e, len=8) read 8 bytes\n| Read NT_ARM_FPMR::fpmr = 0xffff800083963d50\n\nAfter this patch:\n\n| # ./fpmr-test\n| Attempting to write NT_ARM_FPMR::fpmr = 0x900d900d900d900d\n| SETREGSET(nt=0x40e, len=8) wrote 8 bytes\n|\n| Attempting to read NT_ARM_FPMR::fpmr\n| GETREGSET(nt=0x40e, len=8) read 8 bytes\n| Read NT_ARM_FPMR::fpmr = 0x900d900d900d900d\n|\n| Attempting to write NT_ARM_FPMR (zero length)\n| SETREGSET(nt=0x40e, len=0) wrote 0 bytes\n|\n| Attempting to read NT_ARM_FPMR::fpmr\n| GETREGSET(nt=0x40e, len=8) read 8 bytes\n| Read NT_ARM_FPMR::fpmr = 0x900d900d900d900d\n\ud83d\udccf Published: 2025-01-11T14:49:04.088Z\n\ud83d\udccf Modified: 2025-01-11T14:49:04.088Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/8ab73c34e3c5b580721696665eabd799346bc50b\n2. https://git.kernel.org/stable/c/f5d71291841aecfe5d8435da2dfa7f58ccd18bc8", "creation_timestamp": "2025-01-11T15:04:27.000000Z"}, {"uuid": "e0acdd48-caa9-46a8-b52c-6fc90f0611b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-57878", "type": "seen", "source": "https://t.me/cvedetector/15086", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-57878 - Linux Kernel Arm64 Ptrace FPMR Initialization Leak\", \n  \"Content\": \"CVE ID : CVE-2024-57878 \nPublished : Jan. 11, 2025, 3:15 p.m. | 42\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \narm64: ptrace: fix partial SETREGSET for NT_ARM_FPMR  \n  \nCurrently fpmr_set() doesn't initialize the temporary 'fpmr' variable,  \nand a SETREGSET call with a length of zero will leave this  \nuninitialized. Consequently an arbitrary value will be written back to  \ntarget->thread.uw.fpmr, potentially leaking up to 64 bits of memory from  \nthe kernel stack. The read is limited to a specific slot on the stack,  \nand the issue does not provide a write mechanism.  \n  \nFix this by initializing the temporary value before copying the regset  \nfrom userspace, as for other regsets (e.g. NT_PRSTATUS, NT_PRFPREG,  \nNT_ARM_SYSTEM_CALL). In the case of a zero-length write, the existing  \ncontents of FPMR will be retained.  \n  \nBefore this patch:  \n  \n| # ./fpmr-test  \n| Attempting to write NT_ARM_FPMR::fpmr = 0x900d900d900d900d  \n| SETREGSET(nt=0x40e, len=8) wrote 8 bytes  \n|  \n| Attempting to read NT_ARM_FPMR::fpmr  \n| GETREGSET(nt=0x40e, len=8) read 8 bytes  \n| Read NT_ARM_FPMR::fpmr = 0x900d900d900d900d  \n|  \n| Attempting to write NT_ARM_FPMR (zero length)  \n| SETREGSET(nt=0x40e, len=0) wrote 0 bytes  \n|  \n| Attempting to read NT_ARM_FPMR::fpmr  \n| GETREGSET(nt=0x40e, len=8) read 8 bytes  \n| Read NT_ARM_FPMR::fpmr = 0xffff800083963d50  \n  \nAfter this patch:  \n  \n| # ./fpmr-test  \n| Attempting to write NT_ARM_FPMR::fpmr = 0x900d900d900d900d  \n| SETREGSET(nt=0x40e, len=8) wrote 8 bytes  \n|  \n| Attempting to read NT_ARM_FPMR::fpmr  \n| GETREGSET(nt=0x40e, len=8) read 8 bytes  \n| Read NT_ARM_FPMR::fpmr = 0x900d900d900d900d  \n|  \n| Attempting to write NT_ARM_FPMR (zero length)  \n| SETREGSET(nt=0x40e, len=0) wrote 0 bytes  \n|  \n| Attempting to read NT_ARM_FPMR::fpmr  \n| GETREGSET(nt=0x40e, len=8) read 8 bytes  \n| Read NT_ARM_FPMR::fpmr = 0x900d900d900d900d \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-11T17:26:32.000000Z"}]}