CVE-2024-35896
📋 TL;DR
This CVE describes a kernel memory corruption vulnerability in the Linux netfilter subsystem where setsockopt() fails to validate user input length before copying data, leading to a slab-out-of-bounds read. This allows local attackers to potentially escalate privileges or crash the system. It affects Linux systems with netfilter enabled.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Local privilege escalation to root, kernel panic causing system crash, or information disclosure via memory leaks.
Likely Case
Kernel panic leading to denial of service, or limited information disclosure from kernel memory.
If Mitigated
No impact if proper input validation is enforced or vulnerable code is not reachable.
🎯 Exploit Status
Exploitation requires local access and knowledge of kernel memory layout. The vulnerability was discovered through syzbot fuzzing.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 0c83842df40f86e529db6842231154772c20edcc, 0f038242b77ddfc505bf4163d4904c1abd2e74d6, 18aae2cb87e5faa9c5bd865260ceadac60d5a6c5, 440e948cf0eff32cfe322dcbca3f2525354b159b, 58f2bfb789e6bd3bc24a2c9c1580f3c67aec3018
Vendor Advisory: https://git.kernel.org/stable/c/0c83842df40f86e529db6842231154772c20edcc
Restart Required: Yes
Instructions:
1. Update Linux kernel to a version containing the fix commits. 2. Check your distribution's security advisories for specific patched kernel versions. 3. Reboot the system after kernel update.
🔧 Temporary Workarounds
Restrict user access to setsockopt
linuxLimit which users can call setsockopt with netfilter options through SELinux/AppArmor or user privilege restrictions.
# Example SELinux policy to restrict setsockopt (customize as needed)
# allow only specific domains to use netfilter socket options
Disable netfilter modules if not needed
linuxUnload netfilter kernel modules to prevent the vulnerable code path from being reachable.
# Unload specific netfilter modules (example)
sudo rmmod ip_tables
sudo rmmod nf_sockopt
🧯 If You Can't Patch
- Implement strict access controls to prevent unauthorized users from executing setsockopt operations.
- Monitor system logs for kernel panic events or unusual setsockopt usage patterns.
🔍 How to Verify
Check if Vulnerable:
Check kernel version and compare with patched versions from your distribution. Example: uname -r and check if it's before the fix.Check Version:
uname -rVerify Fix Applied:
Verify kernel version is updated to a version containing the fix commits. Check distribution security advisories for confirmation.📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs in /var/log/messages or journalctl
- KASAN error reports for slab-out-of-bounds in netfilter functions
Network Indicators:
- Not applicable - this is a local vulnerability
SIEM Query:
Example: source="kernel" AND ("KASAN" OR "slab-out-of-bounds" OR "netfilter" OR "do_ipt_set_ctl")🔗 References
- https://git.kernel.org/stable/c/0c83842df40f86e529db6842231154772c20edcc
- https://git.kernel.org/stable/c/0f038242b77ddfc505bf4163d4904c1abd2e74d6
- https://git.kernel.org/stable/c/18aae2cb87e5faa9c5bd865260ceadac60d5a6c5
- https://git.kernel.org/stable/c/440e948cf0eff32cfe322dcbca3f2525354b159b
- https://git.kernel.org/stable/c/58f2bfb789e6bd3bc24a2c9c1580f3c67aec3018
- https://git.kernel.org/stable/c/81d51b9b7c95e791ba3c1a2dd77920a9d3b3f525
- https://git.kernel.org/stable/c/0c83842df40f86e529db6842231154772c20edcc
- https://git.kernel.org/stable/c/0f038242b77ddfc505bf4163d4904c1abd2e74d6
- https://git.kernel.org/stable/c/18aae2cb87e5faa9c5bd865260ceadac60d5a6c5
- https://git.kernel.org/stable/c/440e948cf0eff32cfe322dcbca3f2525354b159b
- https://git.kernel.org/stable/c/58f2bfb789e6bd3bc24a2c9c1580f3c67aec3018
- https://git.kernel.org/stable/c/81d51b9b7c95e791ba3c1a2dd77920a9d3b3f525
- https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
- https://security.netapp.com/advisory/ntap-20250321-0004/
