CVE-2024-53049: 
Linux Debian vulnerability analysis and mitigation

CVE-2024-53049 affects the Linux kernel and involves a warning issue in the SLUB memory allocator's KUnit testing framework. The vulnerability was discovered when using 'modprobe slubkunit', which triggered a warning due to unwrapped _kmalloccachenoprof function. The issue was disclosed and patched in October 2024, affecting Linux kernel versions from 6.11 up to (excluding) 6.11.7, and version 6.12 release candidates (rc1-rc5) (NVD).

The vulnerability stems from direct usage of _kmalloccachenoprof without proper allocation tag handling. This resulted in current->alloctag being null, which triggered a warning in alloctagaddcheck. The issue specifically occurs within lib/slubkunit.c, which is the only user of this internal SLUB function outside the kmalloc implementation. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability's impact is primarily related to system stability and debugging capabilities. When triggered, it causes a warning message to be generated in the system log, potentially affecting system monitoring and debugging processes. The CVSS score indicates that while the vulnerability has high availability impact, it does not affect confidentiality or integrity (NVD).

The issue has been fixed by adding an allochook layer to _kmalloccachenoprof specifically within lib/slubkunit.c. The fix involves wrapping the _kmalloccachenoprof call with alloc_hooks() function. The patch has been committed to the Linux kernel repository (Kernel Patch).