CVE-2024-26597
📋 TL;DR
A global out-of-bounds read vulnerability in the Linux kernel's RMNET driver allows attackers to read kernel memory beyond allocated bounds when parsing netlink attributes. This affects Linux systems using the Qualcomm RMNET driver for mobile network interfaces. The vulnerability can lead to information disclosure or potentially be leveraged for further exploitation.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel memory disclosure leading to privilege escalation, system crash, or information leakage of sensitive kernel data structures.
Likely Case
Information disclosure of kernel memory contents, potentially revealing sensitive data or system state information.
If Mitigated
Limited impact due to kernel address space layout randomization (KASLR) and other memory protections, though information disclosure still occurs.
🎯 Exploit Status
Exploitation requires sending crafted netlink messages to the kernel, which typically requires local access or CAP_NET_ADMIN capabilities.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 02467ab8b404d80429107588e0f3425cf5fcd2e5, 093dab655808207f7a9f54cf156240aeafc70590, 17d06a5c44d8fd2e8e61bac295b09153496f87e1, 2295c22348faf795e1ccdf618f6eb7afdb2f7447, 3b5254862258b595662a0ccca6e9eeb88d6e7468
Vendor Advisory: https://git.kernel.org/stable/c/02467ab8b404d80429107588e0f3425cf5fcd2e5
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits.
2. Rebuild kernel if using custom kernel.
3. Reboot system to load patched kernel.
🔧 Temporary Workarounds
Disable RMNET driver
Linux: Remove or blacklist the RMNET driver if not needed
echo 'blacklist rmnet' >> /etc/modprobe.d/blacklist.conf
rmmod rmnet
Restrict netlink access
Linux: Limit which users/processes can send netlink messages
Use Linux capabilities (CAP_NET_ADMIN) restrictions
Implement SELinux/AppArmor policies to restrict netlink socket creation
🧯 If You Can't Patch
- Implement strict access controls to prevent unauthorized users from sending netlink messages
- Monitor for unusual netlink activity or kernel memory access patterns
🔍 How to Verify
Check if Vulnerable:
Check if RMNET driver is loaded: lsmod | grep rmnet. Check kernel version against patched versions.
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version includes fix commits. Test with KASAN if available to ensure no out-of-bounds reads.
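An added exposure check (not part of the original advisory) combining the loaded-module check with the blacklist workaround: it also reports a built-in driver, which cannot be unloaded, and separates a `blacklist` line, which only stops automatic loading, from an `install rmnet /bin/false` override. The function name and result labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example: classify a host's exposure to the rmnet driver.
# Arguments are file paths so saved copies from another host can be checked:
#   $1  /proc/modules (or a copy)
#   $2  /lib/modules/<release>/modules.builtin (or a copy)
#   $3  modprobe.d directory
# Prints one of: builtin, loaded, blocked, blacklisted, loadable
rmnet_exposure() {
    proc_modules=$1
    builtin_list=$2
    modprobe_dir=$3

    # A driver compiled into the kernel image cannot be removed with rmmod
    # or kept out with modprobe.d; only a patched kernel helps.
    if [ -r "$builtin_list" ] && grep -Eq '/rmnet\.ko$' "$builtin_list"; then
        echo builtin
        return 0
    fi

    # The first column of /proc/modules is the module name (what lsmod shows).
    if [ -r "$proc_modules" ] &&
       awk '$1 == "rmnet" { found = 1 } END { exit !found }' "$proc_modules"; then
        echo loaded
        return 0
    fi

    if [ -d "$modprobe_dir" ]; then
        # "install rmnet /bin/false" also defeats an explicit "modprobe rmnet".
        if grep -Eqs '^[[:space:]]*install[[:space:]]+rmnet[[:space:]]+/bin/(false|true)' \
            "$modprobe_dir"/*.conf; then
            echo blocked
            return 0
        fi
        # "blacklist rmnet" stops alias-based autoloading only.
        if grep -Eqs '^[[:space:]]*blacklist[[:space:]]+rmnet[[:space:]]*$' \
            "$modprobe_dir"/*.conf; then
            echo blacklisted
            return 0
        fi
    fi

    echo loadable
}

# Live check on the current host.
rmnet_exposure /proc/modules "/lib/modules/$(uname -r)/modules.builtin" /etc/modprobe.d
```

A result of `builtin` or `loaded` means the vulnerable parsing code is present in the running kernel until it is patched and rebooted.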
📡 Detection & Monitoring
Log Indicators:
- Kernel logs showing KASAN reports for global-out-of-bounds reads
- Netlink message parsing errors
Network Indicators:
- Unusual netlink socket activity from non-system processes
SIEM Query:
source="kernel" AND ("KASAN" OR "global-out-of-bounds" OR "rmnet")
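An added triage example (not from the original advisory) showing why the three OR terms above are best treated as a first-pass filter: it counts only KASAN reports of type global-out-of-bounds that also mention rmnet, and compares that with a line-level match on the same terms. The log lines and symbol names in `sample_log` are constructed for illustration.

```shell
#!/bin/sh
# Added example: count KASAN global-out-of-bounds reports that reference rmnet.
# Reads kernel log text on stdin and prints the number of matching reports.
count_rmnet_oob_reports() {
    awk '
        function close_report() { if (open && oob && rmnet) hits++; open = 0 }
        /BUG: KASAN:/ {                  # first line of a report names its type
            close_report()
            open = 1; rmnet = 0
            oob = ($0 ~ /global-out-of-bounds/)
        }
        open && /rmnet/      { rmnet = 1 }       # symbol or frame inside the report
        open && /==========/ { close_report() }  # separator line ends the report
        END { close_report(); print hits + 0 }
    '
}

# Line-level match on the same three terms as the SIEM query above.
broad_line_matches() {
    grep -Ec 'KASAN|global-out-of-bounds|rmnet'
}

# Constructed sample: one benign driver line, one matching report, and one
# KASAN report of a different type that happens to contain an rmnet frame.
sample_log() {
cat <<'EOF'
[   12.345678] net rmnet0: constructed benign driver message
[  101.000000] ==================================================================
[  101.000010] BUG: KASAN: global-out-of-bounds in example_parse+0x0/0x0
[  101.000020] Read of size 1 at addr ffffffff00000000 by task example/1234
[  101.000030] The buggy address belongs to the variable:
[  101.000040]  rmnet_example_sym+0x0/0x0
[  101.000050] ==================================================================
[  202.000000] ==================================================================
[  202.000010] BUG: KASAN: slab-out-of-bounds in example_fn+0x0/0x0
[  202.000020]  rmnet_example_frame+0x0/0x0
[  202.000030] ==================================================================
EOF
}

echo "reports: $(sample_log | count_rmnet_oob_reports)"
echo "broad line matches: $(sample_log | broad_line_matches)"
```

On the constructed sample the report-level count is 1 while the line-level match returns 5, so alerting on reports rather than lines avoids firing on ordinary rmnet driver messages.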
🔗 References
- https://git.kernel.org/stable/c/02467ab8b404d80429107588e0f3425cf5fcd2e5
- https://git.kernel.org/stable/c/093dab655808207f7a9f54cf156240aeafc70590
- https://git.kernel.org/stable/c/17d06a5c44d8fd2e8e61bac295b09153496f87e1
- https://git.kernel.org/stable/c/2295c22348faf795e1ccdf618f6eb7afdb2f7447
- https://git.kernel.org/stable/c/3b5254862258b595662a0ccca6e9eeb88d6e7468
- https://git.kernel.org/stable/c/b33fb5b801c6db408b774a68e7c8722796b59ecc
- https://git.kernel.org/stable/c/c4734535034672f59f2652e1e0058c490da62a5c
- https://git.kernel.org/stable/c/ee1dc3bf86f2df777038506b139371a9add02534
- https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html
- https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html