CVE-2024-36916
📋 TL;DR
CVE-2024-36916 is a Linux kernel vulnerability in the blk-iocost subsystem: an out-of-bounds shift operation can cause undefined behavior. It affects Linux systems with the blk-iocost feature enabled and can lead to system instability or crashes. The vulnerability is triggered when iocg->delay is shifted by an exponent larger than the width of its 64-bit type.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic or system crash leading to denial of service, potentially causing data corruption or system instability.
Likely Case
System instability, kernel warnings in logs, or performance degradation in I/O operations.
If Mitigated
Minimal impact if patched; unpatched systems may experience occasional kernel warnings but likely no direct exploitation.
🎯 Exploit Status
This is a reliability bug rather than a security vulnerability with a direct exploitation path. Triggering it requires specific conditions in the blk-iocost subsystem.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 488dc6808cb8369685f18cee81e88e7052ac153b, 62accf6c1d7b433752cb3591bba8967b7a801ad5, 844fc023e9f14a4fb1de5ae1eaefafd6d69c5fa1, beaa51b36012fad5a4d3c18b88a617aea7a9b96d, ce0e99cae00e3131872936713b7f55eefd53ab86
Vendor Advisory: https://git.kernel.org/stable/c/488dc6808cb8369685f18cee81e88e7052ac153b
Restart Required: Yes
Instructions:
1. Update the Linux kernel to a version containing the fix commits.
2. Check distribution-specific security advisories.
3. Reboot the system to load the new kernel.
🔧 Temporary Workarounds
Disable blk-iocost
Disable the blk-iocost feature if it is not required. blk-iocost is not controlled by a sysctl; it is switched on and off per block device through the cgroup v2 io.cost.qos file, so repeat the write for each device on which it was enabled (8:0 below is a placeholder MAJ:MIN, not a real device number):
echo '8:0 enable=0' > /sys/fs/cgroup/io.cost.qos
🧯 If You Can't Patch
- Monitor system logs for UBSAN warnings related to shift-out-of-bounds in blk-iocost
- Consider disabling blk-iocost feature if not essential for your workload
🔍 How to Verify
Check if Vulnerable:
Check the kernel version and whether blk-iocost is compiled in (CONFIG_BLK_CGROUP_IOCOST):
grep CONFIG_BLK_CGROUP_IOCOST /boot/config-$(uname -r)
Then compare the kernel version against the patched versions.
Check Version:
uname -r
Verify Fix Applied:
Verify that the running kernel includes the fix commits:
uname -r
Then check with your distribution vendor for the specific patched versions.
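The two checks above can be wrapped into one reusable script. The following is an added example, not code from the page or from the kernel project. It assumes the kernel config is at /boot/config-$(uname -r) and that, on a cgroup v2 host, /sys/fs/cgroup/io.cost.qos lists one "MAJ:MIN enable=0|1 ..." line per device on which blk-iocost has been configured; the sample config and qos files at the bottom are constructed so the script can be exercised offline.

```shell
#!/bin/sh
# Added example (not from the page or the kernel project): reusable
# checks for CVE-2024-36916 exposure. Assumptions: kernel config at
# /boot/config-$(uname -r); cgroup v2 file /sys/fs/cgroup/io.cost.qos
# holds one "MAJ:MIN enable=0|1 ..." line per configured device.

# Exit 0 if the kernel config at $1 has blk-iocost compiled in.
iocost_compiled_in() {
    grep -q '^CONFIG_BLK_CGROUP_IOCOST=y' "$1"
}

# Print the number of device lines in the io.cost.qos file at $1 that
# have the controller switched on; print 0 if the file is absent.
iocost_enabled_devices() {
    if [ -r "$1" ]; then
        grep -Ec '(^| )enable=1( |$)' "$1" || true
    else
        echo 0
    fi
}

# Human-readable report. $1 = config file, $2 = io.cost.qos file;
# both default to the live host paths named above.
iocost_report() {
    cfg="${1:-/boot/config-$(uname -r)}"
    qos="${2:-/sys/fs/cgroup/io.cost.qos}"
    if iocost_compiled_in "$cfg"; then
        printf 'kernel %s: blk-iocost compiled in, %s device(s) with enable=1\n' \
            "$(uname -r)" "$(iocost_enabled_devices "$qos")"
        printf 'compare this version against your distribution advisory for CVE-2024-36916\n'
    else
        printf 'kernel %s: CONFIG_BLK_CGROUP_IOCOST not set, not affected\n' "$(uname -r)"
    fi
}

# Constructed sample inputs (not from a real host) so the script runs offline.
SAMPLE_CFG="$(mktemp)"
printf 'CONFIG_BLK_CGROUP=y\nCONFIG_BLK_CGROUP_IOCOST=y\n' > "$SAMPLE_CFG"
SAMPLE_QOS="$(mktemp)"
printf '8:0 enable=1 ctrl=auto rpct=95.00 rlat=5000 wpct=95.00 wlat=5000 min=100.00 max=10000.00\n' > "$SAMPLE_QOS"
printf '259:0 enable=0 ctrl=auto rpct=95.00 rlat=5000 wpct=95.00 wlat=5000 min=100.00 max=10000.00\n' >> "$SAMPLE_QOS"

iocost_report "$SAMPLE_CFG" "$SAMPLE_QOS"   # sample run; omit the arguments on a live host
```

On a live host, run `iocost_report` with no arguments; it cannot tell you whether your vendor kernel already carries the backported commits, since the patched version numbers differ per distribution, so the version it prints still has to be compared against your distribution's advisory.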
📡 Detection & Monitoring
Log Indicators:
- UBSAN: shift-out-of-bounds in block/blk-iocost.c messages in kernel logs
- Kernel warnings about undefined behavior
Network Indicators:
- None; this is a local kernel issue
SIEM Query:
source="kernel" AND "shift-out-of-bounds" AND "blk-iocost"
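The log indicator above can be hunted for directly on a host. The following is an added example, not code from the page or from the kernel project: it scans kernel log text (for example the output of `dmesg` or `journalctl -k`) for the blk-iocost UBSAN line and pulls the reported shift exponent from the line that follows it. The layout of the "shift exponent N is too large" line is assumed from generic UBSAN reports, and the sample log at the bottom is constructed: its timestamps, source line numbers and exponent values are made up.

```shell
#!/bin/sh
# Added example (not from the page or the kernel project): find
# blk-iocost shift-out-of-bounds reports in kernel log text. The
# "shift exponent N is too large ..." follow-up line is assumed to
# directly follow the UBSAN header line, as in generic UBSAN output.

# Print one line per blk-iocost shift-out-of-bounds report in the file
# named by $1 (default: stdin), carrying the exponent and the header line.
iocost_ubsan_scan() {
    awk '
        /UBSAN: shift-out-of-bounds in block\/blk-iocost\.c/ { armed = 1; where = $0; next }
        armed && /shift exponent [0-9]+ is too large/ {
            for (i = 1; i <= NF; i++) if ($i == "exponent") e = $(i + 1)
            printf "blk-iocost UBSAN hit: exponent=%s :: %s\n", e, where
        }
        { armed = 0 }
    ' "${1:--}"
}

# Number of such reports in the file named by $1.
iocost_ubsan_count() {
    iocost_ubsan_scan "$1" | wc -l | tr -d ' '
}

# Constructed sample log (not captured from a real system): timestamps,
# file line numbers, PIDs and exponents are made up; only the message
# shapes matter. The second UBSAN report is a decoy from another file.
SAMPLE_LOG="$(mktemp)"
cat > "$SAMPLE_LOG" <<'EOF'
[  101.000001] UBSAN: shift-out-of-bounds in block/blk-iocost.c:1234:5
[  101.000002] shift exponent 131 is too large for 64-bit type 'u64' (aka 'unsigned long long')
[  101.000003] CPU: 0 PID: 42 Comm: kworker/0:1 Not tainted 6.1.0-sample #1
[  202.000001] UBSAN: shift-out-of-bounds in drivers/net/sample.c:10:3
[  202.000002] shift exponent 40 is too large for 32-bit type 'int'
[  303.000001] EXT4-fs (sda1): mounted filesystem with ordered data mode.
EOF

iocost_ubsan_scan "$SAMPLE_LOG"   # prints the one blk-iocost hit, exponent=131
```

On a live host, pipe `dmesg` or `journalctl -k` into `iocost_ubsan_scan` with no argument; a non-zero `iocost_ubsan_count` on a host that is supposed to be patched is the signal to confirm the running kernel version against the vendor advisory.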
🔗 References
- https://git.kernel.org/stable/c/488dc6808cb8369685f18cee81e88e7052ac153b
- https://git.kernel.org/stable/c/62accf6c1d7b433752cb3591bba8967b7a801ad5
- https://git.kernel.org/stable/c/844fc023e9f14a4fb1de5ae1eaefafd6d69c5fa1
- https://git.kernel.org/stable/c/beaa51b36012fad5a4d3c18b88a617aea7a9b96d
- https://git.kernel.org/stable/c/ce0e99cae00e3131872936713b7f55eefd53ab86
- https://git.kernel.org/stable/c/f6add0a6f78dc6360b822ca4b6f9f2f14174c8ca
- https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html
- https://security.netapp.com/advisory/ntap-20240905-0006/