CVE-2024-35971
📋 TL;DR
A race condition vulnerability in the Linux kernel's ks8851 Ethernet driver causes system hangs when processing network packets. The issue occurs when softirq handling attempts to reacquire an already-locked spinlock during interrupt processing. This affects systems using the ks8851 network hardware with vulnerable kernel versions.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Complete system hang requiring hard reboot, causing denial of service for all applications and network connectivity loss.
Likely Case
Intermittent system hangs during network activity, particularly when handling ARP packets or network traffic bursts.
If Mitigated
No impact if patched or if ks8851 hardware is not used.
🎯 Exploit Status
Exploitation requires sending network packets to trigger the race condition. No public exploit code has been disclosed as of the advisory date.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits 492337a4fbd1, 49d5d70538b6, be0384bf599c, or cba376eb036c
Vendor Advisory: https://git.kernel.org/stable/c/492337a4fbd1421b42df684ee9b34be2a2722540
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution vendor. 2. Reboot system to load new kernel. 3. Verify ks8851 driver is updated.
🔧 Temporary Workarounds
Disable ks8851 interface
linuxTemporarily disable the affected network interface if not required
sudo ip link set dev [interface_name] down
Blacklist ks8851 driver
linuxPrevent loading of vulnerable driver module
echo 'blacklist ks8851' | sudo tee /etc/modprobe.d/ks8851-blacklist.conf
sudo update-initramfs -u
sudo reboot
🧯 If You Can't Patch
- Isolate systems with ks8851 hardware from untrusted networks using firewall rules
- Implement network traffic monitoring for abnormal packet patterns that could trigger the condition
🔍 How to Verify
Check if Vulnerable:
Check if ks8851 module is loaded: lsmod | grep ks8851. Check kernel version against patched versions.Check Version:
uname -rVerify Fix Applied:
Verify kernel version includes fix commits. Check dmesg for ks8851 driver loading without errors.📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- System hang events in system logs
- Network interface errors for ks8851
Network Indicators:
- Unusual ARP traffic patterns
- Network connectivity loss events
SIEM Query:
source="kernel" AND ("ks8851" OR "softirq" OR "spinlock") AND ("hang" OR "deadlock" OR "panic")🔗 References
- https://git.kernel.org/stable/c/492337a4fbd1421b42df684ee9b34be2a2722540
- https://git.kernel.org/stable/c/49d5d70538b6b8f2a3f8f1ac30c1f921d4a0929b
- https://git.kernel.org/stable/c/be0384bf599cf1eb8d337517feeb732d71f75a6f
- https://git.kernel.org/stable/c/cba376eb036c2c20077b41d47b317d8218fe754f
- http://www.openwall.com/lists/oss-security/2024/05/30/1
- http://www.openwall.com/lists/oss-security/2024/05/30/2
- https://git.kernel.org/stable/c/492337a4fbd1421b42df684ee9b34be2a2722540
- https://git.kernel.org/stable/c/49d5d70538b6b8f2a3f8f1ac30c1f921d4a0929b
- https://git.kernel.org/stable/c/be0384bf599cf1eb8d337517feeb732d71f75a6f
- https://git.kernel.org/stable/c/cba376eb036c2c20077b41d47b317d8218fe754f
