CVE-2024-36019: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-36019 is a vulnerability discovered in the Linux kernel's regmap subsystem, specifically in the regcachemapledrop() function. The vulnerability was disclosed on May 30, 2024, affecting the maple tree-based register cache implementation (Kernel Git).

The vulnerability stems from improper indexing in the regcachemapledrop() function. When keeping the upper end of a cache block entry, the entry[] array must be indexed by the offset from the base register of the block (max - mas.index), but the code was incorrectly indexing entry[] by only the register address. This led to an out-of-bounds access that copied kernel memory over the cache contents. The issue went undetected by regmap KUnit tests because they only tested with register blocks starting at 0, where mas.index equals 0 (Kernel Git).

The vulnerability results in cache corruption due to out-of-bounds memory access, which could potentially expose sensitive kernel memory contents and affect system stability (NVD).

The vulnerability has been patched in the Linux kernel with a fix that corrects the array indexing in the regcachemapledrop() function. The fix has been backported to various stable kernel versions. Users should update their systems to the patched kernel version (Kernel Git).