CVE-2024-53128: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-53128 affects the Linux kernel's task stack functionality. The vulnerability was discovered in December 2024 and involves incorrect handling of KASAN tagged pointers in the objectisonstack() function. This issue specifically occurs when both CONFIGKASANSWTAGS and CONFIGKASANSTACK configurations are enabled (NVD).

The vulnerability occurs in the objectisonstack() function when CONFIGKASANSWTAGS and CONFIGKASANSTACK are enabled. The function produces incorrect results due to a mismatch between tagged obj pointers and untagged stack pointers. This discrepancy leads to incorrect stack object detection and can trigger warnings when CONFIGDEBUGOBJECTS is enabled. The issue has been assigned a CVSS v3.1 base score of 5.5 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability primarily affects debug functionality and can lead to incorrect stack object detection, resulting in false warnings in the kernel's debug output. The impact is considered medium severity as it requires local access and specific kernel configurations to be exploited (NVD).

A fix has been implemented by adding kasanresettag() to properly handle tagged pointers in the objectison_stack() function. The patch has been merged into various Linux kernel versions. Ubuntu has marked this as fixed in version 6.11.0-18.18 for 24.10 (oracular) and Debian has included the fix in version 6.1.128-1 (Ubuntu, Kernel Patch).