CVE-2024-45014: 
Linux Debian vulnerability analysis and mitigation

A vulnerability in the Linux kernel's s390 architecture boot process has been identified (CVE-2024-45014). The issue affects the physical memory allocation for the kernel image, where it fails to account for additional memory required to offset the image start to match with the lower 20 bits of KASLR virtual base address. This vulnerability was discovered in Linux kernel versions from 6.10 up to (excluding) 6.10.7, and version 6.11 release candidates (rc1 through rc4) (NVD).

The vulnerability stems from incorrect memory allocation calculations during the kernel boot process on s390 systems. The issue occurs when physical memory is allocated for the kernel image without considering the extra memory needed for offsetting the image start to align with the KASLR (Kernel Address Space Layout Randomization) virtual base address's lower 20 bits. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with a vector of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, indicating local access requirements and potential high impact on availability (NVD).

The vulnerability could lead to kernel access beyond its allocated memory range, potentially resulting in memory corruption and system instability. This issue specifically affects the physmem_info segment, which could be corrupted due to improper memory boundary calculations (Kernel Patch).

The issue has been fixed in the Linux kernel through patches that modify the memory allocation calculations. The fix involves considering the additional memory required for KASLR offset when calculating the memory range, specifically updating the calculation to use 'kernelsize + kaslrlargepageoffset' instead of just the kernel size (Kernel Patch).