CVE-2024-35960
📋 TL;DR
A NULL pointer dereference vulnerability in the Linux kernel's mlx5 network driver allows local attackers to cause a kernel crash (denial of service) or potentially execute arbitrary code. This affects systems using Mellanox network adapters with the affected driver. Attackers need local access to exploit this vulnerability.
💻 Affected Systems
- Linux kernel mlx5 network driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, with potential for local privilege escalation if combined with other vulnerabilities.
Likely Case
System crash and denial of service when specific network operations are performed on affected Mellanox hardware.
If Mitigated
No impact if patched or if system doesn't use affected Mellanox network hardware/driver.
🎯 Exploit Status
Exploitation requires local access and specific network operations. The bug was discovered in production environments.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel with commits 1263b0b26077b1183c3c45a0a2479573a351d423 or later
Vendor Advisory: https://git.kernel.org/stable/c/1263b0b26077b1183c3c45a0a2479573a351d423
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix. 2. For distributions: Use package manager (apt/yum/dnf) to update kernel. 3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable mlx5 driver
linuxTemporarily disable the affected network driver if not required
modprobe -r mlx5_core
echo 'blacklist mlx5_core' > /etc/modprobe.d/blacklist-mlx5.conf
🧯 If You Can't Patch
- Restrict local user access to systems with Mellanox hardware
- Monitor for kernel panic/crash events and investigate root causes
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if mlx5 driver is loaded: 'uname -r' and 'lsmod | grep mlx5'Check Version:
uname -rVerify Fix Applied:
Verify kernel version is updated and check dmesg for mlx5 driver loading without errors📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- NULL pointer dereference in mlx5 driver logs
- System crash/reboot events
Network Indicators:
- Sudden loss of network connectivity on Mellanox interfaces
SIEM Query:
event_type:kernel_panic AND driver:mlx5 OR event_type:system_crash AND interface:mlx5🔗 References
- https://git.kernel.org/stable/c/1263b0b26077b1183c3c45a0a2479573a351d423
- https://git.kernel.org/stable/c/2e8dc5cffc844dacfa79f056dea88002312f253f
- https://git.kernel.org/stable/c/3d90ca9145f6b97b38d0c2b6b30f6ca6af9c1801
- https://git.kernel.org/stable/c/5cf5337ef701830f173b4eec00a4f984adeb57a0
- https://git.kernel.org/stable/c/7aaee12b804c5e0374e7b132b6ec2158ff33dd64
- https://git.kernel.org/stable/c/7c6782ad4911cbee874e85630226ed389ff2e453
- https://git.kernel.org/stable/c/adf67a03af39095f05d82050f15813d6f700159d
- https://git.kernel.org/stable/c/de0139719cdda82806a47580ca0df06fc85e0bd2
- https://git.kernel.org/stable/c/1263b0b26077b1183c3c45a0a2479573a351d423
- https://git.kernel.org/stable/c/2e8dc5cffc844dacfa79f056dea88002312f253f
- https://git.kernel.org/stable/c/3d90ca9145f6b97b38d0c2b6b30f6ca6af9c1801
- https://git.kernel.org/stable/c/5cf5337ef701830f173b4eec00a4f984adeb57a0
- https://git.kernel.org/stable/c/7aaee12b804c5e0374e7b132b6ec2158ff33dd64
- https://git.kernel.org/stable/c/7c6782ad4911cbee874e85630226ed389ff2e453
- https://git.kernel.org/stable/c/adf67a03af39095f05d82050f15813d6f700159d
- https://git.kernel.org/stable/c/de0139719cdda82806a47580ca0df06fc85e0bd2
- https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
- https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
