LiveActive security incident?Get immediate response
CVE Record

CVE-2024-40984: ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine."

In the Linux kernel, the following vulnerability has been resolved: ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine." Undo the modifications made in commit d410ee5109a1 ("ACPICA: avoid "Info: mapping multiple BARs. Your kernel is fine.""). The initial purpose of this commit was to stop memory mappings for operation regions from overlapping page boundaries, as it can trigger warnings if different page attributes are present. However, it was found that when this situation arises, mapping continues until the boundary's end, but there is still an attempt to read/write the entire length of the map, leading to a NULL pointer deference. For example, if a four-byte mapping request is made but only one byte is mapped because it hits the current page boundary's end, a four-byte read/write attempt is still made, resulting in a NULL pointer deference. Instead, map the entire length, as the ACPI specification does not mandate that it must be within the same page boundary. It is permissible for it to be mapped across different regions.

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysismoderate

Security readout for executives and security teams

Plain-English summary

CVE-2024-40984 is a Linux kernel ACPICA bug that can cause a NULL pointer dereference when ACPI operation-region mappings cross a page boundary. In practical terms, affected systems could crash or become unstable under the right hardware/firmware interaction. The sources do not provide CVSS, confirmed exploitation, or a universal workaround.

Executive priority

Treat this as a planned kernel remediation item with higher priority for critical infrastructure, appliances, and systems requiring high availability. There is no sourced evidence of active exploitation, but kernel crash risk can still create business disruption if affected systems are exposed in production.

Technical view

A prior ACPICA change limited operation-region mappings at page boundaries. When only part of a requested range was mapped, later read/write logic still used the full requested length, creating a NULL pointer dereference. The kernel fix reverts that behavior and maps the full ACPI-specified range, which may span regions.

Likely exposure

Exposure is most relevant to Linux systems running affected kernel versions or vendor products that embed those kernels. The bundle lists Linux kernel affected ranges and separate Debian LTS and Siemens advisories, but does not identify every downstream product or distribution package state.

Exploitation context

No active exploitation is stated in the provided sources, and the CVE is not marked KEV. The evidence supports a kernel reliability and availability issue, not a confirmed remote exploitation campaign. Exploitability likely depends on affected kernel code paths and ACPI-related hardware or firmware behavior.

Researcher notes

The key root cause is a length mismatch after page-boundary-limited mapping in ACPICA operation-region access. Research should focus on confirming affected kernel lineage and fixed commit presence. The supplied data lacks CVSS, CWE, exploit prerequisites, and detailed downstream package mapping.

Mitigation direction

  • Update affected Linux kernels through distribution or vendor-supported channels.
  • Check Debian LTS and Siemens advisories for product-specific fixed versions.
  • Prioritize systems where kernel crashes create safety, uptime, or recovery risks.
  • If no fixed build is available, monitor vendor guidance for supported mitigations.
  • Avoid direct deploy shortcuts; follow normal tested patch rollout procedures.

Validation and detection

  • Inventory Linux kernel versions across servers, endpoints, appliances, and embedded products.
  • Confirm whether installed kernels include the linked stable fix commits.
  • Review vendor advisories for affected Siemens or Debian package versions.
  • Check kernel logs for ACPICA or ACPI NULL pointer dereference crashes.
  • Validate updates in staging before broad production rollout.
Prepared
Confidence
medium
Sources
10

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2024-40984 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
3ADP providers
13Source links

SSVC decision data

CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: noneAutomatable: noTechnical Impact: partial

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CVECVE Program Container
CISA-ADPCISA ADP Vulnrichment
other:ssvc
siemens-SADPADP container
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinuxd410ee5109a1633a686a5663c6743a92e1181f9b, d410ee5109a1633a686a5663c6743a92e1181f9b, d410ee5109a1633a686a5663c6743a92e1181f9b, d410ee5109a1633a686a5663c6743a92e1181f9b, d410ee5109a1633a686a5663c6743a92e1181f9b, d410ee5109a1633a686a5663c6743a92e1181f9b, d410ee5109a1633a686a5663c6743a92e1181f9b, d410ee5109a1633a686a5663c6743a92e1181f9bunaffected
LinuxLinux2.6.32, 0, 4.19.317, 5.4.279, 5.10.221, 5.15.162, 6.1.96, 6.6.36, 6.9.7, 6.10affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.