CVE-2024-36005 – This CVE addresses a kernel panic vulnerability... (How to Fix)

Q: What is the severity of CVE-2024-36005?

CVE-2024-36005 has a CVSS score of 5.5 (MEDIUM). This CVE addresses a kernel panic vulnerability in the Linux kernel's netfilter subsystem when handling network device removal events. The issue occurs when nf_tables fails to check the dormant flag before unregistering hooks, causing a double-unregistration attempt that triggers a warning and potential system crash. Systems running affected Linux kernel versions with nf_tables enabled are vulnerable.

📋 TL;DR

This CVE addresses a kernel panic vulnerability in the Linux kernel's netfilter subsystem when handling network device removal events. The issue occurs when nf_tables fails to check the dormant flag before unregistering hooks, causing a double-unregistration attempt that triggers a warning and potential system crash. Systems running affected Linux kernel versions with nf_tables enabled are vulnerable.

💻 Affected Systems

Products:

Linux Kernel

Versions: Specific affected versions not explicitly stated, but references indicate fixes in stable kernel trees. Likely affects versions before the fix commits.

Operating Systems: Linux distributions using affected kernel versions

Default Config Vulnerable: ✅ No

Notes: Only vulnerable when nf_tables is enabled and network devices are being removed or reconfigured. Not all systems use nf_tables by default.

📦 What is this software?

Debian Linux by Debian

View all CVEs affecting Debian Linux →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash and denial of service, potentially causing data loss or service disruption.

🟠

Likely Case

System warning messages in kernel logs and potential system instability when network interfaces are removed or reconfigured.

🟢

If Mitigated

Minor performance impact from warning messages with no functional disruption if system remains stable.

🌐 Internet-Facing: LOW - Requires local access or ability to trigger network interface changes.

🏢 Internal Only: MEDIUM - Internal users with network configuration privileges could trigger the issue.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: NO

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires ability to trigger network device removal events, typically requiring privileged access or specific system conditions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel commits: 13ba94f6cc820fdea15efeaa17d4c722874eebf9, 5c45feb3c288cf44a529e2657b36c259d86497d2, 8260c980aee7d8d8a3db39faf19c391d2f898816, 8e30abc9ace4f0add4cd761dfdbfaebae5632dd2, ca34c40d1c22c555fa7f4a21a1c807fea7290a0a

Vendor Advisory: https://git.kernel.org/stable/c/13ba94f6cc820fdea15efeaa17d4c722874eebf9

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits. 2. Check distribution-specific security advisories. 3. Reboot system after kernel update.

🔧 Temporary Workarounds

Disable nf_tables

linux

Disable the nf_tables subsystem if not required

modprobe -r nf_tables
echo 'blacklist nf_tables' >> /etc/modprobe.d/blacklist.conf

Avoid network interface changes

linux

Limit network interface removal/reconfiguration operations

🧯 If You Can't Patch

Monitor kernel logs for warning messages related to __nf_unregister_net_hook
Implement strict access controls for network configuration operations

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if nf_tables module is loaded: lsmod | grep nf_tables

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes fix commits or check that warning messages no longer appear in dmesg when removing network interfaces

📡 Detection & Monitoring

Log Indicators:

WARNING messages in kernel logs containing '__nf_unregister_net_hook'
Stack traces mentioning nf_tables_netdev_event

Network Indicators:

Unusual network interface state changes

SIEM Query:

source="kernel" AND "__nf_unregister_net_hook" OR "nf_tables_netdev_event"

📊 Metadata

CVE ID: CVE-2024-36005

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Published: May 20, 2024

Last Updated: December 17, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON