CVE-2024-50099: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-50099 affects the Linux kernel's ARM64 architecture implementation of uprobes support. The vulnerability was discovered in the simulateldrliteral() and simulateldrswliteral() functions, which were originally designed for kprobes but were unsafely reused for uprobes. The issue affects Linux kernel versions from 4.10 through 6.11.5 (NVD).

The vulnerability stems from unsafe memory access implementations in the ARM64 probes subsystem. The simulateldrliteral() and simulateldrswliteral() functions use plain C accesses to memory without proper exception table entries. When these functions were repurposed for uprobes, they retained their original implementation which cannot safely access user memory. The vulnerability has a CVSS v3.1 Base Score of 5.5 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability can result in kernel thread termination through BUG() calls when accessing faulting memory, potentially leading to system lockups or panics. Additionally, the functions cannot operate correctly on systems using Hardware PAN or Software PAN due to memory access restrictions. The privileged nature of the accesses also creates a potential for accessing a small range of kernel virtual addresses (Kernel Patch).

The issue has been fixed by removing uprobe support for LDR (literal) and LDRSW (literal) instructions, limiting their use to kprobes only. Attempts to place uprobes on these instructions will now be rejected as armprobedecodeinsn() returns INSNREJECTED. The fix has been implemented in various kernel versions through security updates (Red Hat Advisory).