CVE-2024-0562

7.8 HIGH

📋 TL;DR

A use-after-free in the Linux kernel's writeback subsystem (the backing_dev_info, or bdi, that tracks dirty pages for a block device). When a disk is removed, bdi_unregister() is meant to stop further writeback and wait for pending work, but cgwb_release_workfn() can still trigger writeback against a bdi that bdi_put() has already released, so freed memory is used. The result is a kernel panic (denial of service) or, in the worst case, arbitrary code execution with kernel privileges. It affects Linux systems where block devices can be removed at runtime, and an attacker needs local access plus some way to cause a device removal to trigger it.

💻 Affected Systems

Products:
  • Linux Kernel
Versions: Specific versions vary by distribution; generally affects kernel versions before fixes were backported (check vendor advisories for specifics).
Operating Systems: Linux distributions including RHEL, CentOS, Fedora, Ubuntu, Debian, and others
Default Config Vulnerable: ⚠️ Yes
Notes: Triggering the bug requires a block-device removal, which in practice means physical hot-unplug of a USB or hot-swap disk, an eject/power-off request through a desktop helper such as udisks2 (policy-controlled by polkit for local users), or a root write to /sys/block/<dev>/device/delete. In a virtual machine hot-unplug is driven from the hypervisor, so that path only matters if the attacker controls the virtualization management layer.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash or potential arbitrary code execution with kernel privileges, resulting in complete system compromise.

🟠

Likely Case

Kernel panic causing system crash and denial of service, requiring physical or remote console access to reboot.

🟢

If Mitigated

No impact once the fixed kernel is booted. Unpatched systems where untrusted users cannot remove block devices (no root or CAP_SYS_ADMIN, no udisks/polkit eject rights, no physical access to hot-pluggable storage) have no practical trigger path.

🌐 Internet-Facing: LOW - Requires local access to trigger, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Local attackers or malicious users with disk removal privileges could cause system crashes.

🎯 Exploit Status

Public PoC: No
Weaponized: UNKNOWN
Unauthenticated Exploit: No
Complexity: MEDIUM

Requires local access and a way to trigger a block-device removal. Turning the use-after-free into code execution means winning the race between device removal and the pending writeback work and then controlling the freed allocation, so a reliable exploit is considerably harder than a crash.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Varies by distribution; check specific vendor advisories (e.g., RHEL 8.9, 9.3 updates)

Vendor Advisory: https://access.redhat.com/errata/RHSA-2024:0412

Restart Required: Yes

Instructions:

1. Update the kernel package with the distribution's package manager.
2. RHEL/CentOS/Fedora: 'dnf update kernel' ('yum' remains an alias on RHEL 8 and later).
3. Ubuntu: 'apt update && apt install --only-upgrade linux-image-generic'; Debian: the same with 'linux-image-amd64' (or the meta-package for your architecture).
4. Reboot to load the new kernel. Until the reboot the patched package is installed but the vulnerable kernel is still running.

🔧 Temporary Workarounds

Restrict disk removal permissions

The sysfs attribute that removes a SCSI/block device, /sys/block/<dev>/device/delete, is already write-only for root by default (mode 0200), and sysfs does not support POSIX ACLs, so a 'chmod 640' or 'setfacl' on it does nothing useful (setfacl fails with "Operation not supported"). What actually removes the trigger is keeping untrusted users away from root, CAP_SYS_ADMIN, and the desktop helpers that remove devices on their behalf (udisks2 eject/power-off actions, controlled by polkit), and limiting physical access for hot-unplug. If the attribute's mode has been relaxed, restore the default; note that sysfs permissions are not persistent across reboots.

chmod 0200 /sys/block/*/device/delete

🧯 If You Can't Patch

  • Restrict physical and console access to systems; unplugging a USB or hot-swap disk is enough to trigger the bug
  • Implement strict access controls on disk management operations (root, CAP_SYS_ADMIN, udisks2/polkit eject and power-off rights)

🔍 How to Verify

Check if Vulnerable:

Check the running kernel version against vendor advisories; for RHEL: 'rpm -q kernel' lists installed packages, and the versions fixed by RHSA-2024:0412 are in that advisory. Compare 'uname -r' rather than only the package list: a patched package that has not been booted yet leaves the host vulnerable.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version after update and reboot; check that 'uname -r' shows patched version.
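The version and sysfs checks above, as an added example (not part of this advisory or of any vendor tooling): POSIX shell helpers that compare the running kernel against the fixed version you take from your vendor advisory, look for the CVE ID in an RPM changelog (Red Hat lists fixed CVEs in the kernel package changelog), and confirm the sysfs delete attribute still has its root-only default. The fixed version string is an assumption you supply; 'stat -c' assumes GNU coreutils.

```sh
#!/bin/sh
# Added example, not from the advisory: audit helpers for CVE-2024-0562.
# Assumptions: FIXED_VERSION comes from your vendor advisory; 'stat -c' is GNU
# coreutils (Linux); RHEL kernel changelogs carry fixed CVE IDs in braces.

# version_ge A B: succeeds when kernel version string A sorts at or after B.
# A may carry an arch suffix (.x86_64); it sorts after the bare string, so
# comparing 'uname -r' against an advisory version without the suffix works.
version_ge() {
    [ "$(printf '%s\n%s\n' "$2" "$1" | sort -V | head -n1)" = "$2" ]
}

# running_kernel_fixed FIXED_VERSION: is the booted kernel at least FIXED_VERSION?
# Checks the running kernel, not the installed package: a patched package that
# has not been booted yet still leaves the host vulnerable.
running_kernel_fixed() {
    version_ge "$(uname -r)" "$1"
}

# changelog_mentions_cve CVE-ID: reads a package changelog on stdin and succeeds
# if the CVE is listed. RHEL usage:
#   rpm -q --changelog kernel | changelog_mentions_cve CVE-2024-0562
changelog_mentions_cve() {
    grep -qF -- "$1"
}

# delete_attr_root_only PATH: succeeds when a sysfs 'delete' attribute has its
# default mode 0200 (write-only for the owner, root), i.e. unprivileged users
# cannot remove the device by writing to it.
delete_attr_root_only() {
    [ "$(stat -c '%a' "$1")" = "200" ]
}

# audit_delete_attrs: report every block device whose delete attribute has been
# relaxed from the default. Returns non-zero if any was found.
audit_delete_attrs() {
    bad=0
    for f in /sys/block/*/device/delete; do
        [ -e "$f" ] || continue
        if ! delete_attr_root_only "$f"; then
            printf 'RELAXED: %s mode %s owner %s\n' "$f" \
                "$(stat -c '%a' "$f")" "$(stat -c '%U' "$f")"
            bad=1
        fi
    done
    return "$bad"
}

# Example run. FIXED_VERSION is deliberately unset here: export it with the
# value from your advisory before running on a real host.
if [ -n "${FIXED_VERSION:-}" ]; then
    if running_kernel_fixed "$FIXED_VERSION"; then
        printf 'running kernel %s is at or above %s\n' "$(uname -r)" "$FIXED_VERSION"
    else
        printf 'running kernel %s is OLDER than %s\n' "$(uname -r)" "$FIXED_VERSION"
    fi
fi
audit_delete_attrs || true
```

Run it as root on the host under review with FIXED_VERSION exported; on RHEL also pipe 'rpm -q --changelog kernel' into changelog_mentions_cve, which catches backports whose version number alone would not tell you the fix is present.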

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic, "Oops", or "BUG: KASAN: use-after-free" messages in /var/log/messages, journalctl -k, or dmesg, with writeback symbols (for example a "Workqueue: writeback wb_workfn" line or bdi_* / cgwb_release_workfn frames) in the stack trace that follows
  • Unexpected disk removal events shortly before the crash ("USB disconnect", "[sdX] Synchronizing SCSI cache", or writes to /sys/block/*/device/delete in audit logs)

Network Indicators:

  • None - local exploitation only

SIEM Query:

source="kernel" AND ("panic" OR "Oops" OR "BUG: KASAN") AND ("bdi" OR "writeback" OR "wb_workfn" OR "cgwb_release_workfn")
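Detection logic for those indicators, as an added example (not from the advisory): a POSIX shell/awk filter that correlates a kernel crash header (panic, Oops, KASAN use-after-free report) with writeback symbols in the lines that follow it, because the function names appear in the stack trace rather than on the panic line itself. The sample log lines are constructed; the symbol list (wb_workfn, cgwb_release_workfn, bdi_*, wb_exit) is the writeback code path named in this CVE's description, not a guaranteed signature.

```sh
#!/bin/sh
# Added example, not from the advisory: correlate kernel crash headers with
# writeback symbols in the stack-trace lines that follow them.
# Assumption: syslog/dmesg text, one log line per line, on stdin.

# scan_writeback_crash: prints one ALERT line per crash header that is followed
# (within WINDOW lines, default 25) by a writeback/bdi symbol. A KASAN report
# that names the symbol on the header line itself alerts immediately.
scan_writeback_crash() {
    awk -v win="${WINDOW:-25}" '
        /Kernel panic|Oops:|BUG: KASAN|general protection fault|use-after-free/ { marker = NR; hdr = $0 }
        marker && (NR - marker) <= win && /bdi_|writeback|wb_workfn|cgwb_release_workfn|wb_exit|backing-dev/ {
            print "ALERT: " hdr " -> " $0
            marker = 0
        }'
}

# count_writeback_crash: number of alerts, for a threshold-style rule.
count_writeback_crash() {
    scan_writeback_crash | wc -l | tr -d ' '
}

# Constructed sample (not real logs): a USB disk removal, a KASAN report in the
# writeback worker, an Oops whose trace lands in cgwb_release_workfn, and an
# unrelated Oops that must not alert.
SAMPLE_LOG='Jan 10 12:00:01 host kernel: sd 2:0:0:0: [sdb] Synchronizing SCSI cache
Jan 10 12:00:02 host kernel: usb 1-1: USB disconnect, device number 4
Jan 10 12:00:02 host kernel: BUG: KASAN: use-after-free in wb_workfn+0x1a/0x500
Jan 10 12:00:02 host kernel: Workqueue: writeback wb_workfn (flush-8:16)
Jan 10 12:00:09 host kernel: Oops: 0000 [#1] SMP
Jan 10 12:00:09 host kernel: RIP: 0010:cgwb_release_workfn+0x45/0x120
Jan 10 12:05:00 host kernel: Oops: 0002 [#2] SMP
Jan 10 12:05:00 host kernel: RIP: 0010:nft_do_chain+0x10/0x200'

# Two alerts expected from the sample: the KASAN line and the first Oops.
printf '%s\n' "$SAMPLE_LOG" | scan_writeback_crash
```

On a live host feed it with 'journalctl -k' or 'dmesg'; the window correlation is what keeps a crash in an unrelated subsystem (the second Oops above) from matching just because "writeback" appears somewhere else in the log.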

🔗 References