CVE-2024-26793

7.8 HIGH

📋 TL;DR

A use-after-free and null pointer dereference vulnerability in the Linux kernel's GTP (GPRS Tunneling Protocol) module allows local attackers to cause denial of service or potentially escalate privileges. The issue occurs when the gtp_link_ops operations structure is registered before the gtp_net_ops pernet operations structure during module initialization. This affects systems using the GTP kernel module.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Linux kernel versions with GTP module support, specifically vulnerable versions before fixes were applied (check specific stable commits for exact ranges).
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only affects systems where the GTP kernel module is loaded (typically used for mobile networking/GTP tunneling). Not loaded by default on most systems.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case: Local privilege escalation to kernel-level code execution, complete system compromise, or persistent denial of service.
🟠 Likely Case: Kernel panic leading to system crash and denial of service, requiring reboot.
🟢 If Mitigated: Limited to denial of service if kernel hardening features like KASAN are enabled and system is promptly rebooted.

🌐 Internet-Facing: LOW - Requires local access to the system; not directly exploitable over network.
🏢 Internal Only: MEDIUM - Local users or compromised services could trigger the vulnerability, potentially leading to system instability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and ability to trigger the gtp_newlink() function. The vulnerability was discovered via syzkaller fuzzing.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in stable kernel commits: 01129059d5141d62fae692f7a336ae3bc712d3eb, 5366969a19a8a0d2ffb3d27ef6e8905e5e4216f8, 616d82c3cfa2a2146dd7e3ae47bda7e877ee549e, 9376d059a705c5dfaac566c2d09891242013ae16, 93dd420bc41531c9a31498b9538ca83ba6ec191e

Vendor Advisory: https://git.kernel.org/stable/c/01129059d5141d62fae692f7a336ae3bc712d3eb

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix.
2. Check if GTP module is loaded with 'lsmod | grep gtp'.
3. Reboot system to load patched kernel.
4. Verify fix with 'uname -r' and check kernel version.

🔧 Temporary Workarounds

Unload GTP module

linux

Remove the GTP kernel module if not needed, eliminating the attack surface.

sudo rmmod gtp

Blacklist GTP module

linux

Prevent GTP module from being loaded automatically.

echo 'blacklist gtp' | sudo tee /etc/modprobe.d/gtp-blacklist.conf

🧯 If You Can't Patch

  • Ensure strict access controls to limit local user privileges
  • Monitor system logs for kernel panics or crashes related to GTP

🔍 How to Verify

Check if Vulnerable:

Check if GTP module is loaded: 'lsmod | grep gtp'. If loaded, check kernel version against patched versions.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is updated to a patched version and GTP module loads without errors.
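
The module checks from the workarounds and verification steps above, as an added shell example that is not part of the original advisory. The function name `gtp_exposure` and its four result words are assumptions of this example; it matches the module name exactly and reports `blacklist gtp` (which stops alias-based autoloading only) separately from an `install gtp /bin/false` override, which also stops an explicit `modprobe gtp`.

```shell
#!/bin/sh
# Added example: classify GTP module exposure from /proc/modules and
# modprobe.d. Paths are parameters so it can run against constructed files.
# Usage on a live system: gtp_exposure

gtp_exposure() {
    modules_file=${1:-/proc/modules}
    modprobe_dir=${2:-/etc/modprobe.d}

    # Exact match on the module-name column. 'lsmod | grep gtp' also matches
    # modules that list gtp as a user or merely contain the substring.
    if awk '$1 == "gtp" { found = 1 } END { exit !found }' "$modules_file"; then
        echo loaded
        return 0
    fi

    # Read every *.conf fragment with comments stripped.
    conf=$(cat "$modprobe_dir"/*.conf 2>/dev/null | sed 's/#.*//')

    # 'install gtp /bin/false' (or /bin/true) replaces the load command, so
    # autoloading and an explicit 'modprobe gtp' both stop loading the module.
    if printf '%s\n' "$conf" |
        awk '$1 == "install" && $2 == "gtp" && $3 ~ /\/(false|true)$/ { ok = 1 }
             END { exit !ok }'; then
        echo blocked
        return 0
    fi

    # 'blacklist gtp' only tells modprobe to ignore the module's aliases.
    if printf '%s\n' "$conf" |
        awk '$1 == "blacklist" && $2 == "gtp" { ok = 1 } END { exit !ok }'; then
        echo blacklisted
        return 0
    fi

    echo loadable
}
```

A result of `loaded` on an unpatched kernel is the case the advisory describes; `blacklisted` still leaves the module loadable by name.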

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages mentioning gtp_newlink, gtp_genl_dump_pdp, or general protection faults
  • System crash/reboot events with GTP-related stack traces

Network Indicators:

  • Unusual GTP protocol activity from local users

SIEM Query:

source="kernel" AND ("gtp_newlink" OR "general protection fault" OR "null-ptr-deref")
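
One way to narrow the log indicators and SIEM query above, as an added shell example that is not part of the original advisory: the query's OR matches any general protection fault, so this groups each crash report and keeps only those whose trace names `gtp_newlink`, `gtp_genl_dump_pdp` or the `[gtp]` module tag. The function names and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example: print the header line of each kernel crash report whose
# body references GTP code. Reads kernel log text on stdin.

gtp_crash_reports() {
    awk '
    # A report starts at the first fault line seen while none is open.
    /general protection fault|null-ptr-deref|use-after-free|Oops:/ {
        if (!in_report) { in_report = 1; header = $0; hit = 0 }
    }
    # Symbols named by the advisory, plus the module tag in stack frames.
    in_report && /gtp_newlink|gtp_genl_dump_pdp|\[gtp\]/ { hit = 1 }
    # The end-trace marker closes the report.
    in_report && /---\[ end trace/ {
        if (hit) print header
        in_report = 0
    }
    # A log cut off by the crash may lack the end marker.
    END { if (in_report && hit) print header }
    '
}

# Constructed kernel log excerpt (illustrative values, not a real capture).
sample_log() {
cat <<'EOF'
[  101.000001] general protection fault, probably for non-canonical address 0xdead000000000108
[  101.000002] CPU: 1 PID: 4321 Comm: worker Not tainted
[  101.000003] RIP: 0010:foo_drv_poll+0x10/0x100 [foo_drv]
[  101.000004] ---[ end trace 0000000000000000 ]---
[  205.000001] general protection fault, probably for non-canonical address 0xdffffc0000000001
[  205.000002] KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
[  205.000003] RIP: 0010:gtp_newlink+0x10/0x100 [gtp]
[  205.000004] Call Trace:
[  205.000005]  rtnl_newlink+0x10/0x100
[  205.000006] ---[ end trace 0000000000000000 ]---
EOF
}

# Usage: journalctl -k --no-pager | gtp_crash_reports
```

On the sample, the plain query terms match both faults, while the grouped check reports only the one at timestamp 205.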
