Login Sign Up

CVE-2024-36902

5.5 MEDIUM
Denial of Service

📋 TL;DR

A NULL pointer dereference vulnerability in the Linux kernel's IPv6 routing subsystem allows attackers to cause a kernel panic (system crash) through specially crafted network traffic. This affects Linux systems with IPv6 enabled, potentially leading to denial of service. The vulnerability is triggered when the fib6_rule_action() function fails to properly check for NULL before using the result of ip6_dst_idev().

💻 Affected Systems

Products:
  • Linux Kernel
Versions: Specific affected versions not explicitly stated in CVE, but references indicate fixes in stable kernel trees. Likely affects multiple recent kernel versions before fixes.
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires IPv6 to be enabled and configured. Systems with IPv6 disabled are not vulnerable.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system crash/kernel panic leading to denial of service, requiring system reboot to restore functionality.

🟠

Likely Case

System crash or instability when processing malformed IPv6 routing packets, causing temporary service disruption.

🟢

If Mitigated

Minimal impact if IPv6 is disabled or systems are behind firewalls filtering IPv6 traffic.

🌐 Internet-Facing: MEDIUM - Attackers can trigger this remotely via IPv6 network traffic, but requires specific conditions and packet crafting.
🏢 Internal Only: LOW - Internal attackers could exploit this, but typically require network access and ability to send crafted packets.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires sending specially crafted IPv6 packets to trigger the NULL dereference. The syzbot crash report indicates the vulnerability is triggerable but no public exploit code is mentioned.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Multiple stable kernel commits referenced: 1876881c9a49, 35297fc68de3, 4a5a573387da, 674c951ab8a2, 7e3242c139c3

Vendor Advisory: https://git.kernel.org/stable/c/1876881c9a49613b5249fb400cbf53412d90cb09

Restart Required: Yes

Instructions:

1. Update Linux kernel to a patched version containing the fix commits. 2. Check with your distribution vendor for specific kernel updates. 3. Reboot the system after kernel update.

🔧 Temporary Workarounds

Disable IPv6

linux

Completely disable IPv6 networking to prevent exploitation

echo 'net.ipv6.conf.all.disable_ipv6 = 1' >> /etc/sysctl.conf
echo 'net.ipv6.conf.default.disable_ipv6 = 1' >> /etc/sysctl.conf
sysctl -p

Firewall IPv6 Traffic

linux

Block incoming IPv6 traffic at network perimeter

ip6tables -P INPUT DROP
ip6tables -P FORWARD DROP

🧯 If You Can't Patch

  • Implement strict network segmentation to limit IPv6 traffic to trusted sources only
  • Deploy network intrusion prevention systems (IPS) to detect and block malicious IPv6 packets

🔍 How to Verify

Check if Vulnerable:

Check kernel version and compare with patched versions from distribution vendor. Check if IPv6 is enabled: 'ip -6 addr show' or 'cat /proc/sys/net/ipv6/conf/all/disable_ipv6'

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version after update and ensure it includes the fix commits. Test system stability with IPv6 traffic.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs mentioning 'NULL pointer dereference'
  • System crash/reboot logs
  • IPv6 routing error messages in kernel logs

Network Indicators:

  • Unusual IPv6 packet patterns targeting routing infrastructure
  • Multiple connection attempts to IPv6 services

SIEM Query:

source="kernel" AND ("NULL pointer" OR "general protection fault" OR "KASAN: null-ptr-deref")

📊 Metadata

CVE ID: CVE-2024-36902
CVSS v3 Score: 5.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-476
Published: May 30, 2024
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-36902, you might also want to check these:

CVE-2022-36648 10.0

This CVE describes a vulnerability in QEMU's hardware emulation where a malformed program executed i...

Same vulnerability type (CWE-476)
CVE-2019-20914 9.8

This vulnerability in GNU LibreDWG is a NULL pointer dereference that can cause application crashes ...

Same vulnerability type (CWE-476)
CVE-2022-30592 9.8

This vulnerability in LiteSpeed QUIC (LSQUIC) before version 3.1.0 involves improper handling of MAX...

Same vulnerability type (CWE-476)