CVE-2024-36890
📋 TL;DR
A Linux kernel memory management vulnerability where the __free(kfree) cleanup mechanism fails to check for error pointers before freeing memory. This causes kernel crashes when error pointers are passed to automatic cleanup functions. Affects systems running vulnerable Linux kernel versions with slab allocator usage.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially causing data loss or service disruption.
Likely Case
System crash or kernel panic when specific driver functions encounter error conditions, resulting in denial of service.
If Mitigated
No impact if patched; unpatched systems may experience crashes only when specific error conditions occur in affected code paths.
🎯 Exploit Status
Exploitation requires triggering specific error conditions in kernel code using __free(kfree) cleanup attributes.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions with commits: 79cbe0be6c0317b215ddd8bd3e32f0afdac48543, 946771c2a2b1150f9b7286feadc3aa1e15a1eb16, 9f6eb0ab4f95240589ee85fd9886a944cd3645b2, ac6cf3ce9b7d12acb7b528248df5f87caa25fcdc, cd7eb8f83fcf258f71e293f7fc52a70be8ed0128
Vendor Advisory: https://git.kernel.org/stable/c/79cbe0be6c0317b215ddd8bd3e32f0afdac48543
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution vendor. 2. Reboot system to load new kernel. 3. Verify kernel version after reboot.
🔧 Temporary Workarounds
No effective workaround
linuxThis is a core kernel memory management bug; no configuration changes or workarounds exist.
🧯 If You Can't Patch
- Monitor system logs for kernel panic or crash events
- Restrict user access to minimize potential trigger conditions
🔍 How to Verify
Check if Vulnerable:
Check kernel version and compare with patched versions from your distribution vendorCheck Version:
uname -rVerify Fix Applied:
Verify kernel version after update matches patched version from vendor📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- System crash logs
- OOM (Out of Memory) killer activity
Network Indicators:
- None - this is a local kernel vulnerability
SIEM Query:
source="kernel" AND ("panic" OR "Oops" OR "BUG")🔗 References
- https://git.kernel.org/stable/c/79cbe0be6c0317b215ddd8bd3e32f0afdac48543
- https://git.kernel.org/stable/c/946771c2a2b1150f9b7286feadc3aa1e15a1eb16
- https://git.kernel.org/stable/c/9f6eb0ab4f95240589ee85fd9886a944cd3645b2
- https://git.kernel.org/stable/c/ac6cf3ce9b7d12acb7b528248df5f87caa25fcdc
- https://git.kernel.org/stable/c/cd7eb8f83fcf258f71e293f7fc52a70be8ed0128
- https://git.kernel.org/stable/c/edca32f87329d6e341d2143a3b58ec254e8f6b88
- https://git.kernel.org/stable/c/79cbe0be6c0317b215ddd8bd3e32f0afdac48543
- https://git.kernel.org/stable/c/9f6eb0ab4f95240589ee85fd9886a944cd3645b2
- https://git.kernel.org/stable/c/ac6cf3ce9b7d12acb7b528248df5f87caa25fcdc
- https://git.kernel.org/stable/c/cd7eb8f83fcf258f71e293f7fc52a70be8ed0128
