CVE-2024-40984: ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine."

Published Jul 12, 2024
·
Updated

In the Linux kernel, the following vulnerability has been resolved:

ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine."

Undo the modifications made in commit d410ee5109a1 ("ACPICA: avoid "Info: mapping multiple BARs. Your kernel is fine.""). The initial purpose of this commit was to stop memory mappings for operation regions from overlapping page boundaries, as it can trigger warnings if different page attributes are present.

However, it was found that when this situation arises, mapping continues until the boundary's end, but there is still an attempt to read/write the entire length of the map, leading to a NULL pointer deference. For example, if a four-byte mapping request is made but only one byte is mapped because it hits the current page boundary's end, a four-byte read/write attempt is still made, resulting in a NULL pointer deference.

Instead, map the entire length, as the ACPI specification does not mandate that it must be within the same page boundary. It is permissible for it to be mapped across different regions.

Affected Software

23 affected componentsFixes available
Linux Linux kernel>=2.6.32<4.19.317
Linux Linux kernel>=4.20<5.4.279
Linux Linux kernel>=5.5<5.10.221
Linux Linux kernel>=5.11<5.15.162
Linux Linux kernel>=5.16<6.1.96
Linux Linux kernel>=6.2<6.6.36
Linux Linux kernel>=6.7<6.9.7
Linux Linux kernel=6.10-rc1
Linux Linux kernel=6.10-rc2
Linux Linux kernel=6.10-rc3
Linux Linux kernel=6.10-rc4
debian/linux
5.10.223-15.10.234-16.1.129-16.1.135-16.12.22-16.12.25-1
debian/linux-6.1
6.1.129-1~deb11u1
redhat/kernel<4.19.317
4.19.317
redhat/kernel<5.4.279
5.4.279
redhat/kernel<5.10.221
5.10.221
redhat/kernel<5.15.162
5.15.162
redhat/kernel<6.1.96
6.1.96
redhat/kernel<6.6.36
6.6.36
redhat/kernel<6.9.7
6.9.7
redhat/kernel<6.10
6.10
IBM Security Verify Governance<=ISVG 10.0.2
IBM Security Verify Governance - Identity Manager virtual appliance component<=ISVG 10.0.2

Remediation

Patch Available

https://git.kernel.org/stable/c/434c6b924e1f4c219aab2d9e05fe79c5364e37d3

Patch Available

https://git.kernel.org/stable/c/435ecc978c3d5d0c4e172ec5b956dc1904061d98

Patch Available

https://git.kernel.org/stable/c/6eca23100e9030725f69c1babacd58803f29ec8d

Patch Available

https://git.kernel.org/stable/c/a83e1385b780d41307433ddbc86e3c528db031f0

Patch Available

https://git.kernel.org/stable/c/ae465109d82f4fb03c5adbe85f2d6a6a3d59124c

Patch Available

https://git.kernel.org/stable/c/dc5017c57f5eee80020c73ff8b67ba7f9fd08b1f

Patch Available

https://git.kernel.org/stable/c/ddc1f5f124479360a1fd43f73be950781d172239

Patch Available

https://git.kernel.org/stable/c/e21a4c9129c72fa54dd00f5ebf71219b41d43c04

Event History

Jul 12, 2024
CVE Published
via MITRE·12:33 PM
Data Sourced
via MITRE·12:33 PM
Description
Data Sourced
via NVD·01:15 PM
RemedyDescriptionSeverityWeaknessAffected Software
Apr 27, 2025
Data Sourced
via Ubuntu·06:15 PM
RemedyDescriptionSeverityAffected Software

Parent advisories

This vulnerability appears in the following advisories.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2024-40984?

CVE-2024-40984 has a severity rating that indicates potential for kernel instability due to recent changes in the ACPICA component.

2

How do I fix CVE-2024-40984?

To fix CVE-2024-40984, you should upgrade your Linux kernel to the latest non-vulnerable versions listed in the advisory.

3

Which versions are affected by CVE-2024-40984?

CVE-2024-40984 affects multiple versions of the Linux kernel, specifically those prior to 4.19.317, 5.4.279, 5.10.221, 5.15.162, and several 6.x versions.

4

What systems are impacted by CVE-2024-40984?

Linux distributions using the affected kernel versions, such as certain Red Hat and Debian releases, are impacted by CVE-2024-40984.

5

Is there a workaround for CVE-2024-40984?

Currently, the recommended action for CVE-2024-40984 is to apply the kernel update rather than relying on a workaround.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203