CVE-2024-26730
📋 TL;DR
This CVE describes a memory access vulnerability in the Linux kernel's nct6775 hardware monitoring driver. It allows out-of-bounds read/write operations when accessing temperature configuration registers, potentially leading to kernel memory corruption. Systems using affected Linux kernel versions with the nct6775 driver loaded are vulnerable.
💻 Affected Systems
- Linux kernel with nct6775 hardware monitoring driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel memory corruption leading to system crash, privilege escalation, or arbitrary code execution in kernel context.
Likely Case
System instability, kernel panics, or denial of service when KASAN (Kernel Address Sanitizer) is enabled and detects the out-of-bounds access.
If Mitigated
Minor system instability or error messages in kernel logs without KASAN enabled.
🎯 Exploit Status
Exploitation requires local access and knowledge of kernel memory layout. KASAN detection suggests this is primarily a stability/DoS issue rather than easily weaponized.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patches available in stable kernel trees (commits: c196387820c9214c5ceaff56d77303c82514b8b1, d56e460e19ea8382f813eb489730248ec8d7eb73, f006c45a3ea424f8f6c8e4b9283bc245ce2a4d0f)
Vendor Advisory: https://git.kernel.org/stable/c/c196387820c9214c5ceaff56d77303c82514b8b1
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from distribution vendor. 2. Rebuild kernel if using custom kernel. 3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable nct6775 driver
linuxPrevent loading of vulnerable driver if hardware monitoring not required
echo 'blacklist nct6775' >> /etc/modprobe.d/blacklist.conf
rmmod nct6775
Disable KASAN
linuxPrevent KASAN from detecting and reporting the out-of-bounds access
Remove 'kasan' from kernel command line or rebuild kernel without CONFIG_KASAN
🧯 If You Can't Patch
- Restrict local user access to systems with vulnerable kernel
- Monitor kernel logs for KASAN error messages and investigate suspicious activity
🔍 How to Verify
Check if Vulnerable:
Check if nct6775 module is loaded: lsmod | grep nct6775. Check kernel version against patched versions.Check Version:
uname -rVerify Fix Applied:
Verify kernel version is updated and nct6775 module loads without KASAN errors in dmesg.📡 Detection & Monitoring
Log Indicators:
- KASAN error messages in kernel logs (dmesg) mentioning nct6775_probe
- Kernel panic or oops messages related to nct6775 driver
Network Indicators:
- None - local vulnerability only
SIEM Query:
Search for 'KASAN', 'nct6775', 'global-out-of-bounds' in kernel/system logs🔗 References
- https://git.kernel.org/stable/c/c196387820c9214c5ceaff56d77303c82514b8b1
- https://git.kernel.org/stable/c/d56e460e19ea8382f813eb489730248ec8d7eb73
- https://git.kernel.org/stable/c/f006c45a3ea424f8f6c8e4b9283bc245ce2a4d0f
- https://git.kernel.org/stable/c/c196387820c9214c5ceaff56d77303c82514b8b1
- https://git.kernel.org/stable/c/d56e460e19ea8382f813eb489730248ec8d7eb73
- https://git.kernel.org/stable/c/f006c45a3ea424f8f6c8e4b9283bc245ce2a4d0f
