CVE-2024-49885: 
Linux Kernel vulnerability analysis and mitigation

In the Linux kernel, a vulnerability (CVE-2024-49885) has been identified and resolved in the memory management subsystem, specifically in the SLUB allocator. The issue was introduced by commit 946fa0dbf2d8 which extended redzone checks to extra allocated kmalloc space. When initonfree=1 is set, the system would clear the full object size including the redzone, and additionally clear the object metadata including the stored origsize, causing it to become zero. This would lead to checkobject() treating the whole object as a redzone (Kernel Patch).

The vulnerability occurs in the SLUB memory allocator's handling of kmalloc redzones. When initonfree=1 is enabled along with slubdebug=FUZ, the system improperly zeroes the entire object including the redzone area and metadata. This causes the checkobject() function to incorrectly interpret the object boundaries, leading to false positive detections of redzone overwrites. The issue affects Linux kernel versions from 6.2 through 6.10.14 and 6.11 through 6.11.3 (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium), with vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. The primary impact is a potential denial of service condition through system crashes when certain memory operations trigger false positive redzone overwrite detections (NVD).

The issue has been fixed in Linux kernel versions 6.10.14 and 6.11.3. The patch modifies the memory initialization process to use origsize for clearing the used area and properly restore the origsize value after clearing the remaining area. This prevents the false positive redzone overwrite detections while maintaining the security benefits of memory initialization (Kernel Patch).