CVE-2024-36928
📋 TL;DR
A NULL pointer dereference vulnerability in the Linux kernel's s390/qeth driver causes kernel panic when setting the hsuid attribute on an IQD Layer3 device while the network interface is UP. This affects Linux systems running on IBM s390 architecture with qeth networking enabled. The vulnerability leads to denial of service through system crashes.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to complete system crash and denial of service, requiring manual reboot.
Likely Case
System crash when administrators attempt to configure hsuid on affected qeth devices, causing temporary service disruption.
If Mitigated
No impact if hsuid is not being set on affected qeth devices or if systems are patched.
🎯 Exploit Status
Exploitation requires local access and ability to configure network interfaces. The vulnerability is triggered through legitimate administrative actions rather than malicious payloads.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in Linux kernel stable releases via commits: 10cb803aff3b, 8792b557eb50, 8a2e4d37afb8, e28dd1e1bf3e, eae0aec24571
Vendor Advisory: https://git.kernel.org/stable/c/10cb803aff3b11fe0bd5f274fc1c231a43e88df6
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing fixes.
2. For RHEL/CentOS: yum update kernel.
3. For Ubuntu/Debian: apt update && apt upgrade linux-image.
4. Reboot system to load new kernel.
🔧 Temporary Workarounds
Avoid setting hsuid on UP interfaces
Prevent triggering the vulnerability by ensuring the network interface is DOWN before setting the hsuid attribute.
ip link set dev <interface> down
echo <hsuid> > /sys/class/net/<interface>/device/hsuid
ip link set dev <interface> up
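The three commands above can be wrapped so the write is refused whenever the interface is still UP. This is an added example, not code from the advisory or the kernel project; the function names and the SYSFS_NET and IP_CMD overrides are assumptions introduced here so the guard can be exercised against a scratch directory.

```shell
#!/bin/sh
# Added example, not the advisory's code: refuse to write hsuid while IFF_UP
# is set. SYSFS_NET and IP_CMD are hypothetical overrides for dry runs.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"
IP_CMD="${IP_CMD:-ip}"

# True when bit 0x1 (IFF_UP) is set in /sys/class/net/<if>/flags.
iface_is_up() {
    flags=$(cat "$SYSFS_NET/$1/flags") || return 0   # unreadable: assume UP
    [ $(( ${flags:-1} & 1 )) -eq 1 ]
}

set_hsuid_safely() {
    ifname=$1
    hsuid=$2
    attr="$SYSFS_NET/$ifname/device/hsuid"
    [ -w "$attr" ] || { echo "$ifname: no writable hsuid attribute" >&2; return 1; }
    was_up=0
    if iface_is_up "$ifname"; then
        was_up=1
        "$IP_CMD" link set dev "$ifname" down || return 1
    fi
    # Re-check after the down request; never write to an UP interface.
    if iface_is_up "$ifname"; then
        echo "$ifname: still UP, hsuid not written" >&2
        return 1
    fi
    printf '%s\n' "$hsuid" > "$attr" || return 1
    # Restore the previous state only if this function took the link down.
    if [ "$was_up" -eq 1 ]; then
        "$IP_CMD" link set dev "$ifname" up
    fi
}

# Run as: sh <this file> <interface> <hsuid>
if [ "$#" -eq 2 ]; then
    set_hsuid_safely "$1" "$2"
fi
```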
🧯 If You Can't Patch
- Implement strict change control for qeth device configuration to prevent hsuid changes on UP interfaces
- Monitor system logs for kernel panic events and have rapid recovery procedures ready
🔍 How to Verify
Check if Vulnerable:
Check if system is s390 architecture with qeth driver: uname -m && lsmod | grep qeth. Check kernel version: uname -r and compare with affected versions.
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version after update: uname -r. Check if fix commits are included: grep -r 'qeth.*napi.*poll' /usr/src/linux-source-* or check kernel changelog.
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages with 'illegal operation'
- Call traces showing net_rx_action and __napi_poll
- qeth-related errors in dmesg
Network Indicators:
- Sudden loss of network connectivity on affected interfaces
SIEM Query:
source="kernel" AND ("illegal operation" OR "Kernel panic" OR "qeth" OR "napi_poll")
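The query above matches any one of its terms, so routine qeth messages also hit. The added example below (not part of the original page) correlates the listed indicators instead: an 'illegal operation' oops counts only when a net_rx_action or __napi_poll frame follows within a line window. The function names, the 40-line default window and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: correlate the log indicators rather than OR-ing them.
# An "illegal operation" oops counts only if a NAPI frame (net_rx_action or
# __napi_poll) appears within the next WINDOW log lines of the same trace.

# Usage: <kernel log on stdin> | qeth_napi_oops_count [window]
qeth_napi_oops_count() {
    awk -v window="${1:-40}" '
        /illegal operation/                  { armed = NR; next }
        armed && NR - armed > window         { armed = 0 }
        armed && /net_rx_action|__napi_poll/ { hits++; armed = 0 }
        END                                  { print hits + 0 }
    '
}

# Constructed sample lines (not taken from a real system).
sample_log() {
    cat <<'EOF'
[   10.000000] qeth 0.0.1000: constructed informational message
[   20.000000] illegal operation: 0001 ilc:1 [#1] SMP
[   20.000010] Call Trace:
[   20.000020]  [<0000000000000000>] net_rx_action+0x2ba/0x398
[   20.000030] Kernel panic - not syncing: Fatal exception in interrupt
[   90.000000] constructed unrelated stack dump
[   90.000010]  [<0000000000000000>] __napi_poll+0x10/0x20
EOF
}

# One correlated hit: the oops on line 2 plus its net_rx_action frame.
# The lone qeth message and the later __napi_poll frame are ignored.
sample_log | qeth_napi_oops_count
```

Feed it whatever persisted kernel log survives the crash, for example a serial console capture or the previous boot's kernel journal.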
🔗 References
- https://git.kernel.org/stable/c/10cb803aff3b11fe0bd5f274fc1c231a43e88df6
- https://git.kernel.org/stable/c/8792b557eb50b986f2496156d486d0c7c85a1524
- https://git.kernel.org/stable/c/8a2e4d37afb8500b276e5ee903dee06f50ab0494
- https://git.kernel.org/stable/c/e28dd1e1bf3ebb52cdb877fb359e8978a51576e3
- https://git.kernel.org/stable/c/eae0aec245712c52a3ce9c05575b541a9eef5282