CVE-2024-35973
📋 TL;DR
A vulnerability in the Linux kernel's GENEVE (Generic Network Virtualization Encapsulation) implementation allows uninitialized memory access when processing VLAN-tagged packets. This can lead to kernel memory corruption and potential denial of service or information disclosure. Systems using GENEVE tunnels with VLAN tagging are affected.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash, potential information disclosure from kernel memory, or remote code execution in kernel context.
Likely Case
System instability, kernel crashes, or denial of service affecting network connectivity through GENEVE tunnels.
If Mitigated
Minimal impact if VLAN tagging is not used with GENEVE tunnels or if proper network segmentation isolates vulnerable systems.
🎯 Exploit Status
Exploitation requires sending specially crafted VLAN-tagged packets to GENEVE tunnel endpoints. The syzbot report shows proof-of-concept triggering uninitialized memory access.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 10204df9beda4978bd1d0c2db0d8375bfb03b915, 190d9efa5773f26d6f334b1b8be282c4fa13fd5e, 357163fff3a6e48fe74745425a32071ec9caf852, 3c1ae6de74e3d2d6333d29a2d3e13e6094596c79, 43be590456e1f3566054ce78ae2dbb68cbe1a536
Vendor Advisory: https://git.kernel.org/stable/c/10204df9beda4978bd1d0c2db0d8375bfb03b915
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits. 2. Check distribution-specific security advisories. 3. Reboot system after kernel update.
🔧 Temporary Workarounds
Disable GENEVE tunneling
linuxRemove or disable GENEVE tunnel configurations if not required
ip link delete geneve0
modprobe -r geneve
Block VLAN-tagged packets to GENEVE
linuxUse firewall rules to drop VLAN-tagged packets destined for GENEVE ports
iptables -A INPUT -p udp --dport 6081 -m vlan -j DROP
🧯 If You Can't Patch
- Isolate systems using GENEVE tunnels from untrusted networks
- Implement network monitoring for abnormal GENEVE traffic patterns
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if GENEVE module is loaded: lsmod | grep geneve && uname -rCheck Version:
uname -rVerify Fix Applied:
Verify kernel version includes fix commits or is newer than vulnerable versions📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs
- OOM killer messages
- Network interface errors
Network Indicators:
- Abnormal UDP traffic on port 6081 with VLAN tags
- GENEVE tunnel disruption
SIEM Query:
source="kernel" AND ("panic" OR "BUG" OR "geneve")🔗 References
- https://git.kernel.org/stable/c/10204df9beda4978bd1d0c2db0d8375bfb03b915
- https://git.kernel.org/stable/c/190d9efa5773f26d6f334b1b8be282c4fa13fd5e
- https://git.kernel.org/stable/c/357163fff3a6e48fe74745425a32071ec9caf852
- https://git.kernel.org/stable/c/3c1ae6de74e3d2d6333d29a2d3e13e6094596c79
- https://git.kernel.org/stable/c/43be590456e1f3566054ce78ae2dbb68cbe1a536
- https://git.kernel.org/stable/c/4a1b65d1e55d53b397cb27014208be1e04172670
- https://git.kernel.org/stable/c/d3adf11d7993518a39bd02b383cfe657ccc0023c
- https://git.kernel.org/stable/c/d8a6213d70accb403b82924a1c229e733433a5ef
- https://git.kernel.org/stable/c/10204df9beda4978bd1d0c2db0d8375bfb03b915
- https://git.kernel.org/stable/c/190d9efa5773f26d6f334b1b8be282c4fa13fd5e
- https://git.kernel.org/stable/c/357163fff3a6e48fe74745425a32071ec9caf852
- https://git.kernel.org/stable/c/3c1ae6de74e3d2d6333d29a2d3e13e6094596c79
- https://git.kernel.org/stable/c/43be590456e1f3566054ce78ae2dbb68cbe1a536
- https://git.kernel.org/stable/c/4a1b65d1e55d53b397cb27014208be1e04172670
- https://git.kernel.org/stable/c/d3adf11d7993518a39bd02b383cfe657ccc0023c
- https://git.kernel.org/stable/c/d8a6213d70accb403b82924a1c229e733433a5ef
- https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
- https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
