CVE-2024-40984: ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine."
In the Linux kernel, the following vulnerability has been resolved:
ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine."
Undo the modifications made in commit d410ee5109a1 ("ACPICA: avoid
"Info: mapping multiple BARs. Your kernel is fine.""). The initial
purpose of this commit was to stop memory mappings for operation
regions from overlapping page boundaries, as it can trigger warnings
if different page attributes are present.
However, it was found that when this situation arises, mapping
continues until the boundary's end, but there is still an attempt to
read/write the entire length of the map, leading to a NULL pointer
deference. For example, if a four-byte mapping request is made but
only one byte is mapped because it hits the current page boundary's
end, a four-byte read/write attempt is still made, resulting in a NULL
pointer deference.
Instead, map the entire length, as the ACPI specification does not
mandate that it must be within the same page boundary. It is
permissible for it to be mapped across different regions.
Security readout for executives and security teams
Plain-English summary
CVE-2024-40984 is a Linux kernel ACPICA bug that can cause a NULL pointer dereference when ACPI operation-region mappings cross a page boundary. In practical terms, affected systems could crash or become unstable under the right hardware/firmware interaction. The sources do not provide CVSS, confirmed exploitation, or a universal workaround.
Executive priority
Treat this as a planned kernel remediation item with higher priority for critical infrastructure, appliances, and systems requiring high availability. There is no sourced evidence of active exploitation, but kernel crash risk can still create business disruption if affected systems are exposed in production.
Technical view
A prior ACPICA change limited operation-region mappings at page boundaries. When only part of a requested range was mapped, later read/write logic still used the full requested length, creating a NULL pointer dereference. The kernel fix reverts that behavior and maps the full ACPI-specified range, which may span regions.
Likely exposure
Exposure is most relevant to Linux systems running affected kernel versions or vendor products that embed those kernels. The bundle lists Linux kernel affected ranges and separate Debian LTS and Siemens advisories, but does not identify every downstream product or distribution package state.
Exploitation context
No active exploitation is stated in the provided sources, and the CVE is not marked KEV. The evidence supports a kernel reliability and availability issue, not a confirmed remote exploitation campaign. Exploitability likely depends on affected kernel code paths and ACPI-related hardware or firmware behavior.
Researcher notes
The key root cause is a length mismatch after page-boundary-limited mapping in ACPICA operation-region access. Research should focus on confirming affected kernel lineage and fixed commit presence. The supplied data lacks CVSS, CWE, exploit prerequisites, and detailed downstream package mapping.
Mitigation direction
Update affected Linux kernels through distribution or vendor-supported channels.
Check Debian LTS and Siemens advisories for product-specific fixed versions.
Prioritize systems where kernel crashes create safety, uptime, or recovery risks.
If no fixed build is available, monitor vendor guidance for supported mitigations.
Avoid direct deploy shortcuts; follow normal tested patch rollout procedures.
Validation and detection
Inventory Linux kernel versions across servers, endpoints, appliances, and embedded products.
Confirm whether installed kernels include the linked stable fix commits.
Review vendor advisories for affected Siemens or Debian package versions.
Check kernel logs for ACPICA or ACPI NULL pointer dereference crashes.
Validate updates in staging before broad production rollout.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2024-40984 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.