CVE-2024-36270
📋 TL;DR
A NULL pointer dereference vulnerability in the Linux kernel's netfilter tproxy module allows local attackers to cause a kernel panic (denial of service) or potentially execute arbitrary code. This affects Linux systems with netfilter tproxy functionality enabled. The vulnerability occurs when __in_dev_get_rcu() returns NULL but the code doesn't check for this condition.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel crash leading to system reboot, or potential privilege escalation to kernel-level code execution
Likely Case
Local denial of service through kernel panic and system reboot
If Mitigated
Minimal impact if tproxy functionality is disabled or proper kernel hardening is in place
🎯 Exploit Status
Requires local access and knowledge of triggering the specific code path
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Multiple stable kernel versions with fixes (see references)
Vendor Advisory: https://git.kernel.org/stable/c/07eeedafc59c45fe5de43958128542be3784764c
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version.
2. Reboot system.
3. Verify kernel version matches patched release.
🔧 Temporary Workarounds
Disable tproxy functionality
Remove or disable the netfilter tproxy module if not required:
modprobe -r nf_tproxy_ipv4
modprobe -r nf_tproxy_ipv6
🧯 If You Can't Patch
- Restrict local user access to systems with tproxy enabled
- Implement kernel hardening features like KASAN to detect exploitation attempts
🔍 How to Verify
Check if Vulnerable:
Check if tproxy modules are loaded: lsmod | grep tproxy
Check Version:
uname -r
Verify Fix Applied:
Check kernel version against patched releases and verify tproxy modules function without crashes
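Added example (not part of the original advisory): the `lsmod | grep tproxy` check and the `modprobe -r` workaround above, combined into a shell function that reports for each helper module whether it is loaded and which modules hold it, since `modprobe -r` refuses to unload a module that is still in use. The function names and the sample lsmod text are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the advisory. Names below are illustrative.
# tproxy_status: reads lsmod-format text on stdin and prints, per helper module,
#   <module> not-loaded | removable | in-use:<holders>
tproxy_status() {
    awk '
        BEGIN { want["nf_tproxy_ipv4"]; want["nf_tproxy_ipv6"] }
        ($1 in want) {
            seen[$1] = 1
            # Column 3 is the reference count, column 4 the holding modules.
            if ($3 == 0) state[$1] = "removable"
            else state[$1] = "in-use:" ($4 == "" ? "unknown" : $4)
        }
        END { for (m in want) print m, ((m in seen) ? state[m] : "not-loaded") }
    ' | sort
}

# tproxy_loaded: exit 0 when at least one helper is loaded (affected code present).
tproxy_loaded() {
    tproxy_status | grep -qv 'not-loaded$'
}

# Constructed sample in lsmod format; on a live host use: lsmod | tproxy_status
sample_lsmod() {
    cat <<'EOF'
Module                  Size  Used by
nft_tproxy             16384  1
nf_tproxy_ipv6         16384  1 nft_tproxy
nf_tproxy_ipv4         16384  2 nft_tproxy,xt_TPROXY
xt_TPROXY              16384  0
EOF
}

sample_lsmod | tproxy_status
```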
📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs
- NULL pointer dereference errors in kernel logs
- System crash/reboot events
Network Indicators:
- Unexpected system reboots on servers with tproxy enabled
SIEM Query:
source="kernel" AND ("NULL pointer dereference" OR "general protection fault" OR "KASAN: null-ptr-deref")
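Added example (not part of the original advisory): the SIEM query above matches any NULL dereference in the kernel, so this shell function groups the same three strings into crash events and flags only the events whose trace mentions tproxy. The function name, the window size, the assumption that the trace names a tproxy symbol, and the sample log lines are all constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the advisory. Reads kernel log text on stdin and
# prints one line per crash event: "<first-line-number> tproxy|other".
WINDOW=40   # assumption: maximum lines of one oops to inspect after the first hit

scan_oops() {
    awk -v win="$WINDOW" '
        function emit() {
            if (start) print start, (rel ? "tproxy" : "other")
            start = 0; rel = 0
        }
        # Close an event that never reached an end-of-trace marker.
        start && NR - start > win { emit() }
        # The three strings from the SIEM query open an event.
        /NULL pointer dereference|general protection fault|KASAN: null-ptr-deref/ {
            if (!start) start = NR
        }
        # "Modules linked in:" lists every loaded module, so it proves nothing.
        start && /tproxy/ && !/Modules linked in:/ { rel = 1 }
        start && /end trace/ { emit() }
        END { emit() }
    '
}

# Constructed sample log; symbol names are placeholders, not real trace output.
sample_log() {
    cat <<'EOF'
[   10.000000] usb 1-1: new high-speed USB device number 2
[  101.000001] general protection fault, probably for non-canonical address 0x0: 0000 [#1] SMP KASAN
[  101.000002] KASAN: null-ptr-deref in range [0x18-0x1f]
[  101.000003] RIP: 0010:nf_tproxy_EXAMPLE+0x0/0x0 [nf_tproxy_ipv4]
[  101.000004] Modules linked in: nf_tproxy_ipv4 nft_tproxy
[  101.000005] ---[ end trace 0000000000000000 ]---
[  250.000001] BUG: kernel NULL pointer dereference, address: 0000000000000000
[  250.000002] RIP: 0010:some_driver_EXAMPLE+0x0/0x0
[  250.000003] Modules linked in: nf_tproxy_ipv4 nft_tproxy
[  250.000004] ---[ end trace 0000000000000000 ]---
EOF
}

sample_log | scan_oops
```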
🔗 References
- https://git.kernel.org/stable/c/07eeedafc59c45fe5de43958128542be3784764c
- https://git.kernel.org/stable/c/10f0af5234dafd03d2b75233428ec3f11cf7e43d
- https://git.kernel.org/stable/c/21a673bddc8fd4873c370caf9ae70ffc6d47e8d3
- https://git.kernel.org/stable/c/570b4c52096e62fda562448f5760fd0ff06110f0
- https://git.kernel.org/stable/c/6fe5af4ff06db3d4d80e07a19356640428159f03
- https://git.kernel.org/stable/c/819bfeca16eb9ad647ddcae25e7e12c30612147c
- https://git.kernel.org/stable/c/caf3a8afb5ea00db6d5398adf148d5534615fd80