CVE-2024-35886
📋 TL;DR
A stack overflow vulnerability in the Linux kernel's IPv6 routing table dump functionality allows local attackers to trigger infinite recursion during netlink socket destruction, leading to kernel panic and denial of service. This affects systems with IPv6 enabled and requires local access to trigger. The vulnerability was discovered through fault injection testing.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, requiring physical or remote console access to reboot.
Likely Case
Local denial of service through kernel panic, disrupting services on the affected system.
If Mitigated
Minimal impact with proper patching; unprivileged users cannot trigger without specific netlink access.
🎯 Exploit Status
Discovered through syzkaller fuzzing; exploitation requires precise timing and error conditions to trigger the infinite recursion.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in Linux kernel commits: 167d4b47a9bdcb01541dfa29e9f3cbb8edd3dfd2, 40a344b2ddc06c1a2caa7208a43911f39c662778, 4a7c465a5dcd657d59d25bf4815e19ac05c13061, 9472d07cd095cbd3294ac54c42f304a38fbe9bfe, 9c5258196182c25b55c33167cd72fdd9bbf08985
Vendor Advisory: https://git.kernel.org/stable/c/167d4b47a9bdcb01541dfa29e9f3cbb8edd3dfd2
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits. 2. For distributions: Use package manager (apt/yum/dnf) to install latest kernel updates. 3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable IPv6
linuxPrevents the vulnerable IPv6 fib6 dump code from being executed.
echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6
sysctl -w net.ipv6.conf.all.disable_ipv6=1
Restrict netlink socket access
linuxLimit which users can create netlink route sockets to reduce attack surface.
Use Linux capabilities or SELinux/AppArmor to restrict NET_ADMIN and NET_RAW capabilities
🧯 If You Can't Patch
- Implement strict access controls to prevent unprivileged users from creating netlink sockets
- Monitor system logs for kernel panic events and implement crash recovery automation
🔍 How to Verify
Check if Vulnerable:
Check kernel version and compare with distribution's patched versions. Vulnerable if running kernel before fix commits.Check Version:
uname -rVerify Fix Applied:
Verify kernel version includes the fix commits: 'uname -r' and check distribution security advisories.📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages in /var/log/kern.log or dmesg
- Stack guard page hit errors
- Recursive fib6_dump_done calls
Network Indicators:
- Unusual netlink socket activity from unprivileged users
SIEM Query:
source="kernel" AND ("stack guard page" OR "fib6_dump_done" OR "kernel panic")🔗 References
- https://git.kernel.org/stable/c/167d4b47a9bdcb01541dfa29e9f3cbb8edd3dfd2
- https://git.kernel.org/stable/c/40a344b2ddc06c1a2caa7208a43911f39c662778
- https://git.kernel.org/stable/c/4a7c465a5dcd657d59d25bf4815e19ac05c13061
- https://git.kernel.org/stable/c/9472d07cd095cbd3294ac54c42f304a38fbe9bfe
- https://git.kernel.org/stable/c/9c5258196182c25b55c33167cd72fdd9bbf08985
- https://git.kernel.org/stable/c/d21d40605bca7bd5fc23ef03d4c1ca1f48bc2cae
- https://git.kernel.org/stable/c/f2dd75e57285f49e34af1a5b6cd8945c08243776
- https://git.kernel.org/stable/c/fd307f2d91d40fa7bc55df3e2cd1253fabf8a2d6
- https://git.kernel.org/stable/c/167d4b47a9bdcb01541dfa29e9f3cbb8edd3dfd2
- https://git.kernel.org/stable/c/40a344b2ddc06c1a2caa7208a43911f39c662778
- https://git.kernel.org/stable/c/4a7c465a5dcd657d59d25bf4815e19ac05c13061
- https://git.kernel.org/stable/c/9472d07cd095cbd3294ac54c42f304a38fbe9bfe
- https://git.kernel.org/stable/c/9c5258196182c25b55c33167cd72fdd9bbf08985
- https://git.kernel.org/stable/c/d21d40605bca7bd5fc23ef03d4c1ca1f48bc2cae
- https://git.kernel.org/stable/c/f2dd75e57285f49e34af1a5b6cd8945c08243776
- https://git.kernel.org/stable/c/fd307f2d91d40fa7bc55df3e2cd1253fabf8a2d6
- https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
- https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
