CVE-2024-27405
📋 TL;DR
A vulnerability in the Linux kernel's USB gadget NCM driver causes properly parsed network datagrams to be dropped when Windows 11 sends extra padding bytes. This affects Linux systems using USB tethering with NCM protocol, potentially causing network connectivity issues and data loss.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Complete loss of network connectivity via USB tethering, denial of service for devices relying on NCM networking, potential data corruption in network streams.
Likely Case
Intermittent network connectivity issues, dropped packets, and degraded performance when using USB tethering with Windows 11 hosts.
If Mitigated
Minor performance impact or no noticeable effect if NCM tethering is not used or with patched kernel.
🎯 Exploit Status
Exploitation requires Windows 11 host with specific USB tethering behavior, not a traditional security exploit but a functional bug causing data loss
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Multiple stable kernel versions with commits: 059285e04ebb, 2b7ec68869d5, 2cb66b62a5d6, 35b604a37ec7, 57ca0e16f393
Vendor Advisory: https://git.kernel.org/stable/c/
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version. 2. Check distribution-specific security advisories. 3. Reboot system after kernel update.
🔧 Temporary Workarounds
Disable NCM USB gadget
linuxPrevent use of NCM protocol for USB tethering
modprobe -r g_ncm
echo 'blacklist g_ncm' >> /etc/modprobe.d/blacklist.conf
Use alternative USB tethering protocol
linuxSwitch to RNDIS or ECM protocols instead of NCM
modprobe g_ether instead of g_ncm
🧯 If You Can't Patch
- Avoid USB tethering with Windows 11 hosts
- Monitor system logs for NCM-related errors and network connectivity issues
🔍 How to Verify
Check if Vulnerable:
Check if NCM module is loaded: lsmod | grep g_ncm and check kernel version against patched versionsCheck Version:
uname -rVerify Fix Applied:
Verify kernel version includes fix commits and test USB tethering with Windows 11📡 Detection & Monitoring
Log Indicators:
- Kernel logs showing 'ncm_unwrap_ntb' with length mismatches
- Network connectivity drops during USB tethering
- dwc3_gadget_giveback with unexpected lengths
Network Indicators:
- Sudden drops in USB-tethered network traffic
- Increased packet loss on USB network interfaces
SIEM Query:
source="kernel" AND "ncm_unwrap_ntb" AND ("length 1025" OR "length 2049")🔗 References
- https://git.kernel.org/stable/c/059285e04ebb273d32323fbad5431c5b94f77e48
- https://git.kernel.org/stable/c/2b7ec68869d50ea998908af43b643bca7e54577e
- https://git.kernel.org/stable/c/2cb66b62a5d64ccf09b0591ab86fb085fa491fc5
- https://git.kernel.org/stable/c/35b604a37ec70d68b19dafd10bbacf1db505c9ca
- https://git.kernel.org/stable/c/57ca0e16f393bb21d69734e536e383a3a4c665fd
- https://git.kernel.org/stable/c/76c51146820c5dac629f21deafab0a7039bc3ccd
- https://git.kernel.org/stable/c/a31cf46d108dabce3df80b3e5c07661e24912151
- https://git.kernel.org/stable/c/c7f43900bc723203d7554d299a2ce844054fab8e
- https://git.kernel.org/stable/c/059285e04ebb273d32323fbad5431c5b94f77e48
- https://git.kernel.org/stable/c/2b7ec68869d50ea998908af43b643bca7e54577e
- https://git.kernel.org/stable/c/2cb66b62a5d64ccf09b0591ab86fb085fa491fc5
- https://git.kernel.org/stable/c/35b604a37ec70d68b19dafd10bbacf1db505c9ca
- https://git.kernel.org/stable/c/57ca0e16f393bb21d69734e536e383a3a4c665fd
- https://git.kernel.org/stable/c/76c51146820c5dac629f21deafab0a7039bc3ccd
- https://git.kernel.org/stable/c/a31cf46d108dabce3df80b3e5c07661e24912151
- https://git.kernel.org/stable/c/c7f43900bc723203d7554d299a2ce844054fab8e
- https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
- https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
