cve/2024/CVE-2024-53128.md

### [CVE-2024-53128](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53128)
![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=1da177e4c3f41524e886b7f1b8a0c1fc7321cac2%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=blue)

### Description

In the Linux kernel, the following vulnerability has been resolved:sched/task_stack: fix object_is_on_stack() for KASAN tagged pointersWhen CONFIG_KASAN_SW_TAGS and CONFIG_KASAN_STACK are enabled, theobject_is_on_stack() function may produce incorrect results due to thepresence of tags in the obj pointer, while the stack pointer does not havetags.  This discrepancy can lead to incorrect stack object detection andsubsequently trigger warnings if CONFIG_DEBUG_OBJECTS is also enabled.Example of the warning:ODEBUG: object 3eff800082ea7bb0 is NOT on stack ffff800082ea0000, but annotated.------------[ cut here ]------------WARNING: CPU: 0 PID: 1 at lib/debugobjects.c:557 __debug_object_init+0x330/0x364Modules linked in:CPU: 0 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.12.0-rc5 #4Hardware name: linux,dummy-virt (DT)pstate: 600000c5 (nZCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)pc : __debug_object_init+0x330/0x364lr : __debug_object_init+0x330/0x364sp : ffff800082ea7b40x29: ffff800082ea7b40 x28: 98ff0000c0164518 x27: 98ff0000c0164534x26: ffff800082d93ec8 x25: 0000000000000001 x24: 1cff0000c00172a0x23: 0000000000000000 x22: ffff800082d93ed0 x21: ffff800081a24418x20: 3eff800082ea7bb0 x19: efff800000000000 x18: 0000000000000000x17: 00000000000000ff x16: 0000000000000047 x15: 206b63617473206ex14: 0000000000000018 x13: ffff800082ea7780 x12: 0ffff800082ea78ex11: 0ffff800082ea790 x10: 0ffff800082ea79d x9 : 34d77febe173e800x8 : 34d77febe173e800 x7 : 0000000000000001 x6 : 0000000000000001x5 : feff800082ea74b8 x4 : ffff800082870a90 x3 : ffff80008018d3c4x2 : 0000000000000001 x1 : ffff800082858810 x0 : 0000000000000050Call trace: __debug_object_init+0x330/0x364 debug_object_init_on_stack+0x30/0x3c schedule_hrtimeout_range_clock+0xac/0x26c schedule_hrtimeout+0x1c/0x30 wait_task_inactive+0x1d4/0x25c kthread_bind_mask+0x28/0x98 init_rescuer+0x1e8/0x280 workqueue_init+0x1a0/0x3cc kernel_init_freeable+0x118/0x200 kernel_init+0x28/0x1f0 ret_from_fork+0x10/0x20---[ end trace 0000000000000000 ]---ODEBUG: object 3eff800082ea7bb0 is NOT on stack ffff800082ea0000, but annotated.------------[ cut here ]------------

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds
- https://github.com/w4zu/Debian_security
Update CVE list 2025-09-29 21:09 2025-09-29 21:09:30 +02:00			`### [CVE-2024-53128](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53128)`
			`![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=1da177e4c3f41524e886b7f1b8a0c1fc7321cac2%20&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=blue)`

			`### Description`

			In the Linux kernel, the following vulnerability has been resolved:sched/task_stack: fix object_is_on_stack() for KASAN tagged pointersWhen CONFIG_KASAN_SW_TAGS and CONFIG_KASAN_STACK are enabled, theobject_is_on_stack() function may produce incorrect results due to thepresence of tags in the obj pointer, while the stack pointer does not havetags. This discrepancy can lead to incorrect stack object detection andsubsequently trigger warnings if CONFIG_DEBUG_OBJECTS is also enabled.Example of the warning:ODEBUG: object 3eff800082ea7bb0 is NOT on stack ffff800082ea0000, but annotated.------------[ cut here ]------------WARNING: CPU: 0 PID: 1 at lib/debugobjects.c:557 __debug_object_init+0x330/0x364Modules linked in:CPU: 0 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.12.0-rc5 #4Hardware name: linux,dummy-virt (DT)pstate: 600000c5 (nZCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)pc : __debug_object_init+0x330/0x364lr : __debug_object_init+0x330/0x364sp : ffff800082ea7b40x29: ffff800082ea7b40 x28: 98ff0000c0164518 x27: 98ff0000c0164534x26: ffff800082d93ec8 x25: 0000000000000001 x24: 1cff0000c00172a0x23: 0000000000000000 x22: ffff800082d93ed0 x21: ffff800081a24418x20: 3eff800082ea7bb0 x19: efff800000000000 x18: 0000000000000000x17: 00000000000000ff x16: 0000000000000047 x15: 206b63617473206ex14: 0000000000000018 x13: ffff800082ea7780 x12: 0ffff800082ea78ex11: 0ffff800082ea790 x10: 0ffff800082ea79d x9 : 34d77febe173e800x8 : 34d77febe173e800 x7 : 0000000000000001 x6 : 0000000000000001x5 : feff800082ea74b8 x4 : ffff800082870a90 x3 : ffff80008018d3c4x2 : 0000000000000001 x1 : ffff800082858810 x0 : 0000000000000050Call trace: __debug_object_init+0x330/0x364 debug_object_init_on_stack+0x30/0x3c schedule_hrtimeout_range_clock+0xac/0x26c schedule_hrtimeout+0x1c/0x30 wait_task_inactive+0x1d4/0x25c kthread_bind_mask+0x28/0x98 init_rescuer+0x1e8/0x280 workqueue_init+0x1a0/0x3cc kernel_init_freeable+0x118/0x200 kernel_init+0x28/0x1f0 ret_from_fork+0x10/0x20---[ end trace 0000000000000000 ]---ODEBUG: object 3eff800082ea7bb0 is NOT on stack ffff800082ea0000, but annotated.------------[ cut here ]------------

			`### POC`

			`#### Reference`
			`No PoCs from references.`

			`#### Github`
			`- https://github.com/fkie-cad/nvd-json-data-feeds`
			`- https://github.com/w4zu/Debian_security`