CVE-2024-42240

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Aug 7, 2024
Updated: Aug 8, 2024
CWE ID 835

Summary

CVE-2024-42240 is a vulnerability in the Linux kernel that arises from the interaction between the BHI (Branch History Identification) mitigation and the SYSENTER instruction. When SYSENTER is invoked with the TF (Trapping Flag) set, entry_SYSENTER_compat() uses CLEAR_BRANCH_HISTORY and calls clear_bhb_loop() before clearing TF. The #DB handler only expects single-stepping inside entry_SYSENTER_compat() itself, so the single-step trap taken inside clear_bhb_loop() triggers a warning from the handler. The fix is for entry_SYSENTER_compat() to use CLEAR_BRANCH_HISTORY only after TF has been cleared. The issue can be reproduced with a specially crafted program, and the resulting kernel log shows a warning from the #DB handler.
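The warning only occurs on kernels where BHI is mitigated by the clear_bhb_loop() software sequence, which the kernel reports as "BHI: SW loop" in the spectre_v2 sysfs file. The triage script below is an added example, not part of this CVE record or the kernel's own code; it classifies that sysfs line so an operator can tell whether a host is on the affected code path at all. The sample lines are constructed in the kernel's output format, not captured from a real host.

```shell
#!/bin/sh
# Added example: report whether the running kernel takes the software BHI
# clearing path (clear_bhb_loop) that CVE-2024-42240 concerns.
SPECTRE_V2_SYSFS=/sys/devices/system/cpu/vulnerabilities/spectre_v2

# Classify one spectre_v2 sysfs line. Prints one of:
#   sw-loop - BHI mitigated by the clear_bhb_loop() software sequence
#   hw      - BHI mitigated in hardware (BHI_DIS_S); the loop is not used
#   none    - CPU not affected by BHI, or BHI left unmitigated
bhi_mode() {
    case "$1" in
        *"BHI: SW loop"*)   echo sw-loop ;;
        *"BHI: BHI_DIS_S"*) echo hw ;;
        *)                  echo none ;;
    esac
}

# Exit status 0 when the software loop is active, i.e. entry_SYSENTER_compat()
# will call clear_bhb_loop() on this kernel.
uses_clear_bhb_loop() {
    [ "$(bhi_mode "$1")" = sw-loop ]
}

# Constructed sample lines (not captured from a real host).
SAMPLE_SW="Mitigation: Enhanced / Automatic IBRS; IBPB: conditional; RSB filling; PBRSB-eIBRS: SW sequence; BHI: SW loop, KVM: SW loop"
SAMPLE_HW="Mitigation: Enhanced / Automatic IBRS; IBPB: conditional; RSB filling; PBRSB-eIBRS: SW sequence; BHI: BHI_DIS_S"

main() {
    if [ -r "$SPECTRE_V2_SYSFS" ]; then
        line=$(cat "$SPECTRE_V2_SYSFS")
    else
        # No sysfs on this system: fall back to the constructed sample.
        line="$SAMPLE_SW"
    fi
    echo "spectre_v2: $line"
    echo "BHI mode:   $(bhi_mode "$line")"
    if uses_clear_bhb_loop "$line"; then
        echo "clear_bhb_loop() is in use: check that this kernel carries the CVE-2024-42240 fix"
    else
        echo "clear_bhb_loop() is not in use on this kernel"
    fi
}

main "$@"
```

A "hw" or "none" result means the SYSENTER entry path never reaches clear_bhb_loop(), so the ordering bug cannot trigger there.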
