CVE-2024-35959
📋 TL;DR
This CVE describes a race condition vulnerability in the Linux kernel's mlx5e network driver where the cleanup flow fails to properly acquire a lock during error handling. This could lead to use-after-free or memory corruption scenarios affecting systems using Mellanox network adapters with the mlx5 driver. The vulnerability requires local access to trigger.
💻 Affected Systems
- Linux kernel with mlx5e network driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic or system crash leading to denial of service, or potential privilege escalation if combined with other vulnerabilities.
Likely Case
System crash or kernel panic causing denial of service during network driver initialization failures.
If Mitigated
Minor system instability during driver initialization failures with no persistent impact.
🎯 Exploit Status
Exploitation requires local access and ability to trigger driver initialization failures. The vulnerability was discovered through kernel debugging warnings.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 6bd77865fda662913dcb5722a66a773840370aa7, ad26f26abd353113dea4e8d5ebadccdab9b61e76, ecb829459a841198e142f72fadab56424ae96519, f9ac93b6f3de34aa0bb983b9be4f69ca50fc70f3
Vendor Advisory: https://git.kernel.org/stable/c/6bd77865fda662913dcb5722a66a773840370aa7
Restart Required: Yes
Instructions:
1. Update to a kernel version containing the fix commits. 2. Check your distribution's security advisories for backported patches. 3. Reboot the system after kernel update.
🔧 Temporary Workarounds
Disable mlx5 driver
linuxPrevent loading of the vulnerable mlx5 network driver
echo 'blacklist mlx5_core' > /etc/modprobe.d/blacklist-mlx5.conf
update-initramfs -u
reboot
🧯 If You Can't Patch
- Restrict local user access to systems with Mellanox adapters
- Monitor kernel logs for suspicious RCU usage warnings related to mlx5e_selq_apply
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if mlx5_core module is loaded: lsmod | grep mlx5_core && uname -rCheck Version:
uname -rVerify Fix Applied:
Verify kernel version is patched and check dmesg for absence of 'suspicious rcu_dereference_protected() usage' warnings related to mlx5e_selq_apply📡 Detection & Monitoring
Log Indicators:
- Kernel log entries containing: 'suspicious rcu_dereference_protected() usage', 'mlx5e_selq_apply', 'WARNING: suspicious RCU usage'
Network Indicators:
- None - this is a local kernel vulnerability
SIEM Query:
source="kernel" AND ("suspicious rcu_dereference_protected" OR "mlx5e_selq_apply" OR "WARNING: suspicious RCU usage")🔗 References
- https://git.kernel.org/stable/c/6bd77865fda662913dcb5722a66a773840370aa7
- https://git.kernel.org/stable/c/ad26f26abd353113dea4e8d5ebadccdab9b61e76
- https://git.kernel.org/stable/c/ecb829459a841198e142f72fadab56424ae96519
- https://git.kernel.org/stable/c/f9ac93b6f3de34aa0bb983b9be4f69ca50fc70f3
- https://git.kernel.org/stable/c/6bd77865fda662913dcb5722a66a773840370aa7
- https://git.kernel.org/stable/c/ad26f26abd353113dea4e8d5ebadccdab9b61e76
- https://git.kernel.org/stable/c/ecb829459a841198e142f72fadab56424ae96519
- https://git.kernel.org/stable/c/f9ac93b6f3de34aa0bb983b9be4f69ca50fc70f3
