CVE-2024-27433
📋 TL;DR
This CVE describes a double-free vulnerability in the Linux kernel's MediaTek clock driver for MT7622 and MT8135 chips. The vulnerability occurs when the kernel module is unloaded, potentially leading to memory corruption and kernel panic. Systems using affected MediaTek hardware with vulnerable kernel versions are at risk.
💻 Affected Systems
- Linux kernel with MediaTek MT7622/MT8135 clock driver support
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash, denial of service, or potential privilege escalation if combined with other vulnerabilities.
Likely Case
System crash or instability when the affected kernel module is unloaded, causing denial of service.
If Mitigated
No impact if patched or if the vulnerable code path isn't triggered during normal operation.
🎯 Exploit Status
Requires ability to trigger kernel module unloading, typically needing local access and some privileges. No public exploits known at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions with the fix commits referenced in the CVE
Vendor Advisory: https://git.kernel.org/stable/c/a32e88f2b20259f5fe4f8eed598bbc85dc4879ed
Restart Required: Yes
Instructions:
1. Update to a patched kernel version from your distribution's repositories.
2. Reboot the system to load the new kernel.
3. Verify the fix by checking kernel version.
🔧 Temporary Workarounds
Prevent module unloading
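Prevent the vulnerable kernel module from being unloaded to avoid triggering the double-free. Confirm that the path below exists on the target system before relying on it: in mainline kernels /sys/module/<module>/refcnt is a read-only attribute, and the parameters/ directory holds only parameters the module itself declares.
echo 1 > /sys/module/clk_mt8135_apmixed/parameters/refcnt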
🧯 If You Can't Patch
- Restrict local user access to systems with affected hardware
- Monitor for kernel panic events and system instability
🔍 How to Verify
Check if Vulnerable:
Check if system uses MediaTek MT7622/MT8135 hardware and has the vulnerable kernel module loaded: lsmod | grep clk_mt8135_apmixed
Check Version:
uname -r
Verify Fix Applied:
Check kernel version against patched versions in git references, or verify the module can be unloaded without causing issues
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- OOM killer activity
- System crash/reboot logs
Network Indicators:
- None - this is a local vulnerability
SIEM Query:
source="kernel" AND ("panic" OR "Oops" OR "double free")
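The log indicators and query above can be exercised against kernel log text with a small classifier. This is an added example, not part of the original advisory: the sample log lines are constructed, and the KASAN and SLUB message formats it matches assume a kernel built with those debug options.

```shell
#!/bin/sh
# Added example, not part of the advisory. Classifies kernel log lines read
# from stdin, e.g.:  journalctl -k | classify_kernel_log
# $1 = module name to correlate with (default: the name used on this page).
classify_kernel_log() {
    awk -v mod="${1:-clk_mt8135_apmixed}" '{
        # KASAN prints "double-free" (hyphen) and SLUB debug prints
        # "Object already free"; neither contains the literal "double free".
        # "Modules linked in:" marks a module that is being unloaded with "-",
        # which ties a crash to the unload path of that module.
        l = tolower($0)
        if (l ~ /double[- ]free/ || l ~ /object already free/) c = "double-free"
        else if (l ~ /kernel panic/) c = "panic"
        else if (l ~ /oops/) c = "oops"
        else if ($0 ~ /Modules linked in:/ && $0 ~ (mod "\\([A-Z]*-\\)")) c = "unloading"
        else next
        printf "%s\t%s\n", c, $0
    }'
}

# Constructed sample log (function names, modules and addresses are made up).
sample_log() {
    cat <<'EOF'
[  812.104512] BUG: KASAN: double-free in example_release+0x2c/0x60
[  812.104790] Modules linked in: clk_mt8135_apmixed(-) example_other
[  901.330001] BUG kmalloc-128 (Not tainted): Object already free
[  950.000100] Internal error: Oops: 0000000096000004 [#1] SMP
[  950.410022] Kernel panic - not syncing: Oops: Fatal exception
[ 1000.000000] clk: Disabling unused clocks
EOF
}

# Number of sample lines in a given class, e.g. count_class double-free
count_class() {
    sample_log | classify_kernel_log |
        awk -F'\t' -v c="$1" '$1 == c { n++ } END { print n + 0 }'
}

# Lines a literal "double free" phrase match would catch in the sample.
count_literal_phrase() {
    sample_log | grep -c -i 'double free' || true
}
```

On the sample, the classifier tags two lines as double-free while a literal "double free" phrase match catches none, so check how your SIEM tokenizes the hyphenated KASAN form before relying on the phrase alone.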
🔗 References
- https://git.kernel.org/stable/c/a32e88f2b20259f5fe4f8eed598bbc85dc4879ed
- https://git.kernel.org/stable/c/de3340533bd68a7b3d6be1841b8eb3fa6c762fe6
- https://git.kernel.org/stable/c/f3633fed984f1db106ff737a0bb52fadb2d89ac7
- https://git.kernel.org/stable/c/fa761ce7a1d15cca1a306b3635f81a22b15fee5b