CVE-2024-36924

5.5 MEDIUM

📋 TL;DR

This CVE describes a potential deadlock vulnerability in the Linux kernel's lpfc SCSI driver. If exploited, it could cause system instability or denial of service by locking up the affected driver. Systems using Linux kernels with the vulnerable lpfc driver are affected.

💻 Affected Systems

Products:
  • Linux kernel with lpfc SCSI driver
Versions: Specific kernel versions containing the vulnerable code (check git commits for exact ranges)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using lpfc SCSI adapters (Emulex Fibre Channel). Systems without these adapters are not vulnerable.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴

Worst Case

System crash or kernel panic requiring reboot, potentially causing data loss or service disruption.

🟠

Likely Case

Local denial of service affecting SCSI operations, possibly requiring system reboot to recover.

🟢

If Mitigated

Minor performance impact or no effect if the deadlock condition isn't triggered.

🌐 Internet-Facing: LOW - This is a local kernel driver issue requiring local access.
🏢 Internal Only: MEDIUM - Could affect servers using lpfc SCSI adapters, potentially disrupting storage operations.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH - Requires local access and specific conditions to trigger deadlock

Exploitation requires local access and specific timing conditions to trigger the deadlock.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing fixes from the provided git commits

Vendor Advisory: https://git.kernel.org/stable/c/6503c39398506cadda9f4c81695a9655ca5fb4fd

Restart Required: Yes

Instructions:

1. Update to a patched kernel version from your distribution vendor.
2. Reboot the system to load the new kernel.
3. Verify the fix is applied by checking the kernel version.

🔧 Temporary Workarounds

Disable lpfc module

Prevent loading of the vulnerable lpfc driver if it is not needed. Note that rmmod fails while the module is in use (for example when storage is attached through the adapter), and the blacklist entry only stops future loads, so a reboot is needed for it to take full effect.

echo 'blacklist lpfc' >> /etc/modprobe.d/blacklist.conf
rmmod lpfc

🧯 If You Can't Patch

  • Monitor systems for kernel panics or SCSI operation failures
  • Ensure proper backups and recovery procedures for affected storage systems

🔍 How to Verify

Check if Vulnerable:

Check whether the lpfc module is loaded (lsmod | grep lpfc) and compare the running kernel version against the affected ranges.

Check Version:

uname -r

Verify Fix Applied:

Confirm that the running kernel version is newer than the vulnerable versions and that the lpfc module loads without errors.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • SCSI operation timeouts
  • lpfc driver error messages in dmesg

Network Indicators:

  • Storage connectivity issues if using lpfc adapters

SIEM Query:

Search for 'kernel panic' OR 'lpfc' error messages in system logs
