CVE-2024-57874: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-57874 affects the Linux kernel's ARM64 ptrace functionality, specifically in the taggedaddrctrlset() function. The vulnerability was discovered and disclosed on January 11, 2025, affecting Linux kernel versions from 5.10 through 6.13. The issue occurs when handling NTARMTAGGEDADDR_CTRL regset operations in the ARM64 architecture (NVD).

The vulnerability stems from an uninitialized variable in the taggedaddrctrlset() function. When a SETREGSET call is made with a length of zero, the temporary 'ctrl' variable remains uninitialized, potentially leading to the consumption of arbitrary values from the kernel stack. The vulnerability is limited to a specific stack slot and can leak up to 64 bits of kernel memory. The exposure is partially mitigated as settaggedaddrctrl() only accepts values where bits [63:4] are zero and rejects other values. The NTARMTAGGEDADDRCTRL regset is only accessible in the useraarch64view used by native AArch64 tasks. The vulnerability has been assigned a CVSS v3.1 base score of 6.1 (MEDIUM) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H (NVD).

The vulnerability can lead to information disclosure by leaking up to 64 bits of kernel stack memory. While the impact is limited by the specific conditions required for exploitation and the restrictions on acceptable values, it represents a potential security risk for systems running affected kernel versions (Kernel Patch).

The vulnerability has been fixed in multiple kernel versions through patches that initialize the temporary 'ctrl' variable before copying the regset from userspace. The fix ensures that in case of a zero-length write, the existing value of the tagged address ctrl is retained. Updates are available for kernel versions 5.10.234-1 and 6.1.128-1~deb11u1 in Debian distributions (Debian LTS).