CVE-2024-40989: KVM: arm64: Disassociate vcpus from redistributor region on teardown

Published Jul 12, 2024
·
Updated

In the Linux kernel, the following vulnerability has been resolved:

KVM: arm64: Disassociate vcpus from redistributor region on teardown

When tearing down a redistributor region, make sure we don't have any dangling pointer to that region stored in a vcpu.

Other sources

Linux Kernel is vulnerable to a denial of service, caused by a flaw in KVM: Arm64. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.

IBM

Affected Software

18 affected componentsFixes available
redhat/kernel<6.1.96
6.1.96
redhat/kernel<6.6.36
6.6.36
redhat/kernel<6.9.7
6.9.7
redhat/kernel<6.10
6.10
IBM Security Verify Governance<=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Software Stack<=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Virtual Appliance<=ISVG 10.0.2
IBM Security Verify Governance Identity Manager Container<=ISVG 10.0.2
debian/linux
5.10.223-15.10.234-16.1.129-16.1.135-16.12.25-16.12.27-1
debian/linux-6.1
6.1.129-1~deb11u1
Linux Linux kernel>=5.13<6.1.96
Linux Linux kernel>=6.2<6.6.36
Linux Linux kernel>=6.7<6.9.7
Linux Linux kernel=6.10-rc1
Linux Linux kernel=6.10-rc2
Linux Linux kernel=6.10-rc3
Linux Linux kernel=6.10-rc4
Microsoft cbl2 kernel 5.15.186.1-1

Remediation

Patch Available

https://git.kernel.org/stable/c/0d92e4a7ffd5c42b9fa864692f82476c0bf8bcc8

Patch Available

https://git.kernel.org/stable/c/152b4123f21e6aff31cea01158176ad96a999c76

Patch Available

https://git.kernel.org/stable/c/48bb62859d47c5c4197a8c01128d0fa4f46ee58c

Patch Available

https://git.kernel.org/stable/c/68df4fc449fcc24347209e500ce26d5816705a77

Event History

Jul 12, 2024
CVE Published
via MITRE·12:37 PM
Data Sourced
via MITRE·12:37 PM
Description
Data Sourced
via NVD·01:15 PM
Description
Data Sourced
via NVD·01:15 PM
RemedySeverityWeaknessAffected Software
May 1, 2025
Data Sourced
via Ubuntu·06:16 PM
RemedyDescriptionSeverityAffected Software
Oct 8, 2025
Data Sourced
via Microsoft·01:01 AM
DescriptionSeverityWeakness
Data Sourced
via Microsoft·01:01 AM
Affected Software
Updated
via Microsoft·01:01 AM
DescriptionSeverity

Parent advisories

This vulnerability appears in the following advisories.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2024-40989?

CVE-2024-40989 has been classified with a high severity rating due to its potential impact on system stability and security.

2

How do I fix CVE-2024-40989?

To fix CVE-2024-40989, update the Linux kernel to versions 6.1.96, 6.6.36, 6.9.7, 6.10 or any appropriate patched version provided by your distribution.

3

What systems are affected by CVE-2024-40989?

CVE-2024-40989 affects Linux kernel versions prior to the specified remediation versions, particularly in Red Hat and Debian distributions.

4

What are the consequences of not addressing CVE-2024-40989?

Failing to address CVE-2024-40989 could lead to system crashes and exploitation due to dangling pointers in virtual CPUs.

5

Is CVE-2024-40989 specific to any architecture?

Yes, CVE-2024-40989 specifically affects the arm64 architecture within the Linux kernel.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203