CVE-2024-36031
📋 TL;DR
A Linux kernel vulnerability in the key management subsystem unconditionally overwrites key expiration times during instantiation, defaulting them to permanent. This allows attackers to potentially manipulate key expiration to maintain unauthorized access or disrupt DNS resolution updates. All Linux systems using affected kernel versions are vulnerable.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Attackers could make temporary authentication keys permanent, maintaining persistent unauthorized access to systems or services that rely on key expiration for security.
Likely Case
DNS resolution failures due to keys not expiring properly, causing service disruption and potential cache poisoning attacks.
If Mitigated
Limited to DNS resolution issues without broader system compromise if proper network segmentation and monitoring are in place.
🎯 Exploit Status
Exploitation requires ability to instantiate keys and understanding of key management subsystem
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Multiple stable kernel versions with fixes referenced in git commits
Vendor Advisory: https://git.kernel.org/stable/c/25777f3f4e1f371d16a594925f31e37ce07b6ec7
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version 2. Reboot system 3. Verify kernel version matches patched release
🔧 Temporary Workarounds
Monitor key expiration
linuxImplement monitoring for key expiration anomalies and manual key rotation
keyctl show
keyctl timeout <keyid> <seconds>
🧯 If You Can't Patch
- Implement strict key rotation policies and monitor for unexpected permanent keys
- Restrict key management operations to privileged users only
🔍 How to Verify
Check if Vulnerable:
Check kernel version against patched releases and test key expiration behaviorCheck Version:
uname -rVerify Fix Applied:
Verify kernel version includes fix commits and test that key expiration times are preserved during instantiation📡 Detection & Monitoring
Log Indicators:
- Unexpected key creation/modification events
- DNS resolution failures
- Key expiration time anomalies
Network Indicators:
- DNS query failures
- Unexpected authentication persistence
SIEM Query:
Search for keyctl operations with suspicious timing or from unauthorized users🔗 References
- https://git.kernel.org/stable/c/25777f3f4e1f371d16a594925f31e37ce07b6ec7
- https://git.kernel.org/stable/c/939a08bcd4334bad4b201e60bd0ae1f278d71d41
- https://git.kernel.org/stable/c/9da27fb65a14c18efd4473e2e82b76b53ba60252
- https://git.kernel.org/stable/c/ad2011ea787928b2accb5134f1e423b11fe80a8a
- https://git.kernel.org/stable/c/cc219cb8afbc40ec100c0de941047bb29373126a
- https://git.kernel.org/stable/c/e4519a016650e952ad9eb27937f8c447d5a4e06d
- https://git.kernel.org/stable/c/ed79b93f725cd0da39a265dc23d77add1527b9be
- https://git.kernel.org/stable/c/25777f3f4e1f371d16a594925f31e37ce07b6ec7
- https://git.kernel.org/stable/c/939a08bcd4334bad4b201e60bd0ae1f278d71d41
- https://git.kernel.org/stable/c/9da27fb65a14c18efd4473e2e82b76b53ba60252
- https://git.kernel.org/stable/c/ad2011ea787928b2accb5134f1e423b11fe80a8a
- https://git.kernel.org/stable/c/cc219cb8afbc40ec100c0de941047bb29373126a
- https://git.kernel.org/stable/c/e4519a016650e952ad9eb27937f8c447d5a4e06d
- https://git.kernel.org/stable/c/ed79b93f725cd0da39a265dc23d77add1527b9be
- https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html
