CVE-2024-35884
📋 TL;DR
A Linux kernel vulnerability in UDP packet handling can cause kernel crashes or packet corruption when UDP Generic Segmentation Offload (GSO) packets are incorrectly processed in tunneled network configurations. This affects systems with rx-udp-gro-forwarding or rx-gro-list enabled, particularly those using UDP-based tunnels like Geneve. Network administrators and organizations using Linux-based networking infrastructure are affected.
💻 Affected Systems
- Linux Kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially affecting multiple systems in a network infrastructure.
Likely Case
Network packet corruption causing connectivity issues, degraded performance, or application failures in tunneled network environments.
If Mitigated
Minor performance impact from disabling GRO features or segmentation overhead when workarounds are applied.
🎯 Exploit Status
Exploitation requires network access and specific UDP tunnel configurations. The vulnerability was discovered through normal kernel development/testing.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Multiple stable kernel versions with commits: 3001e7aa43d6, 3391b157780b, 35fe0e0b5c00, 3d010c8031e3, d12245080cb2
Vendor Advisory: https://git.kernel.org/stable/c/3001e7aa43d6691db2a878b0745b854bf12ddd19
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution vendor.
2. Reboot system to load new kernel.
3. Verify kernel version matches patched release.
🔧 Temporary Workarounds
Disable UDP GRO forwarding
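Linux: Prevent UDP packets from being GROed when forwarded, eliminating the vulnerable condition
# Raise the minimum UDP socket buffer sizes (buffer tuning only; GRO is controlled by the ethtool features below)
sysctl -w net.ipv4.udp_rmem_min=131072
sysctl -w net.ipv4.udp_wmem_min=131072
# rx-udp-gro-forwarding and rx-gro-list are per-interface ethtool features, not sysctls
ethtool -K <interface> rx-udp-gro-forwarding off
ethtool -K <interface> rx-gro-list off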
Disable GRO on tunnel interfaces
Linux: Turn off Generic Receive Offload on tunnel network interfaces
ethtool -K <tunnel_interface> gro off
🧯 If You Can't Patch
- Disable rx-udp-gro-forwarding and rx-gro-list features in network configuration
- Avoid using UDP-based tunnels (Geneve, VXLAN) or ensure they operate without GRO features
🔍 How to Verify
Check if Vulnerable:
Check whether rx-udp-gro-forwarding or rx-gro-list is enabled on each interface: ethtool -k <interface> | grep -E 'rx-udp-gro-forwarding|rx-gro-list'. If either reports "on" and the system uses UDP tunnels, it may be vulnerable.
Check Version:
uname -r
Verify Fix Applied:
Check kernel version against patched releases and verify UDP GRO forwarding behavior with network testing.
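The per-interface check above can be run across a whole host. The script below is an added example, not part of the original advisory: it parses `ethtool -k` output for the two features this page names and lists the interfaces where either is on. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: report interfaces on which the GRO features named in this
# advisory (rx-udp-gro-forwarding, rx-gro-list) are enabled.

# Read `ethtool -k` output on stdin and print each risky feature that is "on".
risky_features() {
    awk -F': *' '
        $1 ~ /^[ \t]*(rx-udp-gro-forwarding|rx-gro-list)$/ {
            gsub(/^[ \t]+/, "", $1)        # sub-features are tab-indented
            split($2, state, " ")          # drop a trailing "[fixed]" marker
            if (state[1] == "on") print $1
        }'
}

# Audit every interface under /sys/class/net; returns 1 if any is exposed.
audit_host() {
    status=0
    for path in /sys/class/net/*; do
        dev=${path##*/}
        feats=$(ethtool -k "$dev" 2>/dev/null | risky_features | tr '\n' ' ')
        if [ -n "$feats" ]; then
            echo "$dev: ${feats}enabled (kernel $(uname -r))"
            status=1
        fi
    done
    return $status
}

# Constructed sample of `ethtool -k` output, used to exercise the parser offline.
SAMPLE_ETHTOOL='Features for geneve0:
rx-checksumming: on
generic-receive-offload: on
rx-gro-list: off
rx-udp-gro-forwarding: on
tx-udp_tnl-segmentation: off [fixed]'

# Run the live audit only when invoked with the argument "audit".
if [ "${1:-}" = "audit" ]; then audit_host; fi
```

Invoke it with the argument `audit` to scan the live host; a non-zero exit status means at least one interface still has one of the features enabled.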
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- BUG_ON errors in kernel logs
- Network interface errors
- UDP packet corruption logs
Network Indicators:
- UDP tunnel connectivity failures
- Increased packet retransmissions
- Geneve/VXLAN tunnel performance degradation
SIEM Query:
source="kernel" AND ("BUG_ON" OR "skb_segment" OR "udp_gro" OR "kernel panic")
🔗 References
- https://git.kernel.org/stable/c/3001e7aa43d6691db2a878b0745b854bf12ddd19
- https://git.kernel.org/stable/c/3391b157780bbedf8ef9f202cbf10ee90bf6b0f8
- https://git.kernel.org/stable/c/35fe0e0b5c00bef7dde74842a2564c43856fbce4
- https://git.kernel.org/stable/c/3d010c8031e39f5fa1e8b13ada77e0321091011f
- https://git.kernel.org/stable/c/d12245080cb259d82b34699f6cd4ec11bdb688bd
- https://git.kernel.org/stable/c/d49ae15a5767d4e9ef8bbb79e42df1bfebc94670
- https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html