CVE-2024-35905
📋 TL;DR
This CVE covers an integer overflow in the Linux kernel's BPF verifier: the size of a stack access is held in a signed int and can wrap negative, after which the verifier's own range walk indexes its stack-slot bookkeeping out of bounds while checking a crafted program at load time. A local user who can load BPF programs could use this to crash the kernel or, in the worst case, corrupt kernel memory on the way to privilege escalation. Systems running a Linux kernel without the fix, on which the attacker can reach the bpf() syscall, are affected.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Local privilege escalation leading to full system compromise, kernel memory corruption, or denial of service through kernel panic.
Likely Case
A kernel crash (denial of service) triggered while the verifier processes a crafted program at load time, before the program ever runs.
If Mitigated
Minimal impact if unprivileged BPF program loading is disabled (kernel.unprivileged_bpf_disabled set to 1 or 2): only tasks holding CAP_BPF or CAP_SYS_ADMIN can then reach the verifier, and those are normally already trusted.
🎯 Exploit Status
Exploitation requires local access and the ability to load BPF programs via bpf(BPF_PROG_LOAD). On kernels built with CONFIG_BPF_UNPRIV_DEFAULT_OFF (the default since 5.16) and on most distribution kernels, that means CAP_BPF or CAP_SYS_ADMIN. The defect is in the verifier itself, so the out-of-bounds access happens while a crafted program is being checked, not when it executes; a program that trips it is never accepted. The references on this page point only to the fix commits and a Debian LTS advisory; no public exploit is cited.
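The following is an added example, not code from the kernel or from the fix commits: a simplified C model of the signed-int overflow described in the TL;DR. The bounds check computes in 64-bit arithmetic, so a size that has wrapped negative does not trip it, while the per-byte walk that follows adds offset and size as 32-bit ints, wraps positive, and produces a negative array index. Function names and the frame layout are hypothetical simplifications; MAX_BPF_STACK and BPF_REG_SIZE are the kernel's real values, and the error codes mirror the kernel's convention of returning negative errno values.

```c
/*
 * Added example (not kernel code): model of the signed-int overflow behind
 * CVE-2024-35905.  The verifier keeps a stack access size in a signed int;
 * a 32-bit unsigned size above INT_MAX wraps negative when stored there.
 * Function names and the frame layout are hypothetical simplifications.
 */
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_BPF_STACK 512   /* real kernel value: bytes of BPF stack per frame */
#define BPF_REG_SIZE  8     /* real kernel value: bytes per stack slot */

/* u32 -> int, as an implicit integer conversion does it on a two's
 * complement build: 0x80000000 becomes INT_MIN. */
static int to_access_size(uint32_t size)
{
    return (int)size;
}

/* Model of the pre-fix bounds check for a constant offset 'off' below the
 * frame pointer.  The start and "not above the frame" conditions are
 * checked in 64-bit arithmetic, so a negative size slips through. */
static int check_stack_access_old(int off, uint32_t size)
{
    int access_size = to_access_size(size);
    int min_off = off;
    int64_t max_off = (int64_t)min_off + access_size;   /* no wrap here */

    if (min_off < -MAX_BPF_STACK || min_off >= 0)
        return -EINVAL;   /* start of the access is outside the frame */
    if (max_off > 0)
        return -EINVAL;   /* end of the access is above the frame */
    return 0;             /* accepted, even when access_size < 0 */
}

/* Same check with the guard the fix adds: a negative size must never pass. */
static int check_stack_access_fixed(int off, uint32_t size)
{
    int err = check_stack_access_old(off, size);

    if (!err && to_access_size(size) < 0)
        err = -EFAULT;    /* invalid negative access size; should not happen */
    return err;
}

/* Model of the per-byte walk that runs after the bounds check.  Instead of
 * touching memory it computes the indices the real walk would use into
 * stack[MAX_BPF_STACK / BPF_REG_SIZE].slot_type[BPF_REG_SIZE] and reports
 * the first one that is out of range via *bad_i / *bad_sub. */
static bool walk_hits_oob(int off, int access_size, int *bad_i, int *bad_sub)
{
    /* The end bound is off + access_size in 32-bit ints; a real build wraps
     * on overflow.  Signed overflow is undefined in C, so wrap explicitly. */
    int end = (int)((uint32_t)off + (uint32_t)access_size);

    for (int i = off; i < end; i++) {
        int slot = -i - 1;               /* byte index counted from frame top */
        int spi  = slot / BPF_REG_SIZE;  /* stack slot index */
        int sub  = slot % BPF_REG_SIZE;  /* byte within the slot */

        if (spi < 0 || spi >= MAX_BPF_STACK / BPF_REG_SIZE || sub < 0) {
            *bad_i = i;
            *bad_sub = sub;
            return true;
        }
    }
    return false;
}

int main(void)
{
    const int off = -8;                         /* one slot below the frame pointer */
    const uint32_t good = 8, huge = 0x80000000u; /* huge wraps to INT_MIN */
    int i, sub;

    printf("size %u: old=%d fixed=%d\n", good,
           check_stack_access_old(off, good), check_stack_access_fixed(off, good));
    printf("size %#x: old=%d fixed=%d\n", huge,
           check_stack_access_old(off, huge), check_stack_access_fixed(off, huge));
    if (walk_hits_oob(off, to_access_size(huge), &i, &sub))
        printf("pre-fix walk reaches i=%d: slot_type index %d is out of range\n", i, sub);
    return 0;
}
```

With the wrapped size the old check returns 0 and the walk crosses offset 0, where the slot arithmetic yields a negative byte index; the fixed check stops the same input with -EFAULT before the walk runs. The model rejects sizes that are merely too large (an 8-byte slot with a 16-byte access) in both versions, which shows that the missing guard was specifically for a size that had already gone negative.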
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: kernels carrying one of the fix commits 203a68151e8e, 37dc1718dc0c, 3f0784b2f1eb, 98cdac206b11, 9970e059af47 or ecc6a2101840 (see the references for the full hashes)
Vendor Advisory: https://git.kernel.org/stable/c/203a68151e8eeb331d4a64ab78303f3a15faf103
Restart Required: Yes
Instructions:
1. Update the Linux kernel to a patched version from your distribution vendor.
2. Reboot the system to load the new kernel.
3. Verify the running kernel version after reboot and confirm it is one your distribution lists as fixed.
🔧 Temporary Workarounds
Disable unprivileged BPF (permanent until reboot)
Leaves the BPF subsystem available to privileged tasks but stops unprivileged users from calling bpf(), which is the only way to reach the vulnerable verifier code. A value of 1 cannot be changed back without a reboot.
sysctl -w kernel.unprivileged_bpf_disabled=1
Disable unprivileged BPF (reversible)
Same effect as above, but root can switch the setting back to 0 without a reboot. Writing the value to /proc/sys/kernel/unprivileged_bpf_disabled is equivalent; to persist either value across reboots, add kernel.unprivileged_bpf_disabled=1 (or 2) to a file under /etc/sysctl.d/.
sysctl -w kernel.unprivileged_bpf_disabled=2
Caveat: neither value protects against a local user who already holds CAP_BPF or CAP_SYS_ADMIN, since such a user can still load programs. Only the kernel update removes the bug.
🧯 If You Can't Patch
- Implement strict access controls to limit local user privileges
- Audit bpf() syscall use (for example an auditd rule on the bpf syscall) and alert on program loads from unexpected users or processes
🔍 How to Verify
Check if Vulnerable:
Check kernel version and compare with distribution security advisories. Vulnerable if running kernel without the listed fix commits.
Check Version:
uname -r
Verify Fix Applied:
Verify that the running kernel includes one of the fix commits: 203a68151e8e, 37dc1718dc0c, 3f0784b2f1eb, 98cdac206b11, 9970e059af47 or ecc6a2101840. uname -r alone does not show which commits a distribution kernel carries, so compare the package version against your vendor's advisory (for Debian, the LTS announcement in the references).
📡 Detection & Monitoring
Log Indicators:
- Kernel oops or panic messages raised from the BPF verifier (kernel/bpf/verifier.c)
- UBSAN or KASAN reports of an array-index-out-of-bounds in check_stack_range_initialized(), the function the fix protects
- Unexpected reboots or crash dumps on hosts where BPF programs are loaded
Note that ordinary verifier rejections are returned to the loading process in its log buffer, not written to the kernel log, so a failed load by itself leaves no kernel-log trace.
Network Indicators:
- Not applicable - local vulnerability
SIEM Query:
source="kernel" AND ("verifier.c" OR "check_stack_range_initialized") AND ("array-index-out-of-bounds" OR "UBSAN" OR "KASAN" OR "Oops" OR "panic")
🔗 References
- https://git.kernel.org/stable/c/203a68151e8eeb331d4a64ab78303f3a15faf103
- https://git.kernel.org/stable/c/37dc1718dc0c4392dbfcb9adec22a776e745dd69
- https://git.kernel.org/stable/c/3f0784b2f1eb9147973d8c43ba085c5fdf44ff69
- https://git.kernel.org/stable/c/98cdac206b112bec63852e94802791e316acc2c1
- https://git.kernel.org/stable/c/9970e059af471478455f9534e8c3db82f8c5496d
- https://git.kernel.org/stable/c/ecc6a2101840177e57c925c102d2d29f260d37c8
- https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html