CVE-2024-35962
📋 TL;DR
This CVE addresses a missing input validation vulnerability in the Linux kernel's netfilter subsystem. Attackers could exploit this to cause kernel memory corruption through specially crafted network filter rules. This affects all Linux systems using netfilter (including iptables/nftables).
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic or local privilege escalation leading to full system compromise
Likely Case
Kernel crash causing denial of service and potential system instability
If Mitigated
Limited impact with proper input validation and kernel hardening
🎯 Exploit Status
Exploitation requires local access with CAP_NET_ADMIN privileges or ability to execute code with those privileges
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits: 562b7245131f6e9f1d280c8b5a8750f03edfc05c, 65acf6e0501ac8880a4f73980d01b5d27648b956, 89242d9584c342cb83311b598d9e6b82572eadf8, 97dab36e57c64106e1c8ebd66cbf0d2d1e52d6b7, c760089aa98289b4b88a7ff5a62dd92845adf223
Vendor Advisory: https://git.kernel.org/stable/c/
Restart Required: Yes
Instructions:
1. Update the Linux kernel to a version containing the fix commits.
2. Reboot the system to load the new kernel.
3. Verify the kernel version after reboot.
🔧 Temporary Workarounds
Restrict netfilter rule modification
Limit the CAP_NET_ADMIN capability to essential users and binaries only
# Review file capabilities on the iptables binary: getcap /usr/sbin/iptables
# Remove unnecessary file capabilities: setcap -r /usr/sbin/iptables
🧯 If You Can't Patch
- Implement strict access controls to prevent unauthorized users from modifying netfilter rules
- Monitor for unusual netfilter rule changes and kernel panic events
🔍 How to Verify
Check if Vulnerable:
Compare the running kernel version with the first version that contains the fix commits, as published by your distribution or in the kernel stable tree
Check Version:
uname -r
Verify Fix Applied:
Confirm that the running kernel includes one of the fix commits (562b7245131f6e9f1d280c8b5a8750f03edfc05c or the related commits listed in the references); uname -r does not show commit hashes, so check the distribution package changelog or the stable tree history for the version you are running
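The version comparison described above, as an added example (not part of this advisory): it reduces the uname -r string to its numeric base and compares it with a first-fixed version using GNU sort -V ordering. The first-fixed version is not given on this page, so the script takes it as an argument; the value comes from your distribution's advisory (for example the Debian LTS announcement in the references).

```shell
#!/bin/sh
# Added example, not part of the advisory: compare the running kernel's
# version with the first fixed version published by your distribution.
# The fixed version is NOT on this page; pass it as an argument, taken from
# your distribution's advisory.

# Return 0 if version $1 is greater than or equal to $2 (GNU sort -V ordering).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$2" ]
}

# Reduce a uname -r string to its numeric base, e.g. "6.1.90-1-amd64" -> "6.1.90".
kernel_base_version() {
    printf '%s' "$1" | sed 's/[-+].*//'
}

# Print "patched" when the running version ($1) is at least the fixed version ($2),
# otherwise "vulnerable".
check_kernel() {
    running=$(kernel_base_version "$1")
    if version_ge "$running" "$2"; then
        echo patched
    else
        echo vulnerable
    fi
}

# Usage: sh check_kernel.sh <first-fixed-version>
if [ -n "${1:-}" ]; then
    printf 'running %s, fixed %s: ' "$(uname -r)" "$1"
    check_kernel "$(uname -r)" "$1"
fi
```

A version comparison only works when the distribution bumps the version string with the fix. Where a fix is backported under the same upstream version, the package changelog (or the stable-tree history for the commit hashes above) is the authoritative check.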
📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs
- Netfilter rule modification attempts by non-privileged users
- System crashes after netfilter rule changes
Network Indicators:
- Unusual netfilter rule configurations
SIEM Query:
(source="kernel" AND ("panic" OR "Oops")) OR (source="audit" AND "cap_net_admin")
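A local equivalent of the SIEM query above, as an added example that is not part of the advisory: it runs the same two indicator patterns (kernel panic/Oops, audit records naming cap_net_admin) over a constructed sample of syslog-style lines so it can be tried offline. The timestamps, host name and audit ids in the sample are made up.

```shell
#!/bin/sh
# Added example, not from the advisory: a grep equivalent of the SIEM query
# above, run over a constructed sample of syslog-style lines.

# Constructed sample log lines (not real captures).
SAMPLE_LOG='Jun 10 12:00:01 host kernel: [ 1234.567] nf_tables: table created
Jun 10 12:00:02 host kernel: [ 1234.890] Oops: 0000 [#1] SMP
Jun 10 12:00:03 host audit: type=AVC msg=audit(1718020803.123:42): capability=cap_net_admin
Jun 10 12:00:04 host sshd[999]: Accepted publickey for alice
Jun 10 12:00:05 host kernel: [ 1235.000] Kernel panic - not syncing: Fatal exception'

# The two halves of the query: a kernel panic/Oops line, or an audit record
# that names cap_net_admin (matched case-insensitively).
INDICATOR_RE='kernel:.*(panic|oops)|audit.*cap_net_admin'

# Print the lines of $1 that match either indicator.
list_indicators() {
    printf '%s\n' "$1" | grep -Ei "$INDICATOR_RE" || true
}

# Print how many lines of $1 match (prints 0, without failing, when none do).
count_indicators() {
    printf '%s\n' "$1" | grep -Eic "$INDICATOR_RE" || true
}

list_indicators "$SAMPLE_LOG"
```

On a live host the same pattern can be applied to the previous boot's kernel log after an unexplained reboot, e.g. `journalctl -k -b -1 | grep -Ei "$INDICATOR_RE"`.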
🔗 References
- https://git.kernel.org/stable/c/562b7245131f6e9f1d280c8b5a8750f03edfc05c
- https://git.kernel.org/stable/c/65acf6e0501ac8880a4f73980d01b5d27648b956
- https://git.kernel.org/stable/c/89242d9584c342cb83311b598d9e6b82572eadf8
- https://git.kernel.org/stable/c/97dab36e57c64106e1c8ebd66cbf0d2d1e52d6b7
- https://git.kernel.org/stable/c/c760089aa98289b4b88a7ff5a62dd92845adf223
- https://git.kernel.org/stable/c/cf4bc359b76144a3dd55d7c09464ef4c5f2b2b05
- https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html