CVE-2024-36930 – A null pointer dereference vulnerability in the... (How to Fix)

Q: What is the severity of CVE-2024-36930?

CVE-2024-36930 has a CVSS score of 5.5 (MEDIUM). A null pointer dereference vulnerability in the Linux kernel's SPI subsystem allows local attackers to cause a kernel panic (denial of service) by reusing SPI messages with non-empty queues. This affects systems using SPI devices with the vulnerable kernel code, primarily embedded systems and IoT devices.

📋 TL;DR

A null pointer dereference vulnerability in the Linux kernel's SPI subsystem allows local attackers to cause a kernel panic (denial of service) by reusing SPI messages with non-empty queues. This affects systems using SPI devices with the vulnerable kernel code, primarily embedded systems and IoT devices.

💻 Affected Systems

Products:

Linux kernel

Versions: Kernel versions containing the vulnerable SPI code (specific versions not provided in CVE, but patches available for stable branches)

Operating Systems: Linux distributions using affected kernel versions

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects systems using SPI devices. The vulnerability is triggered when spi_sync() is called with non-empty queue and same spi_message is reused.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash and denial of service, potentially disrupting critical operations on affected devices.

🟠

Likely Case

System crash or instability when SPI operations are performed under specific conditions, requiring reboot to restore functionality.

🟢

If Mitigated

No impact if patched or if SPI subsystem is not used in the system configuration.

🌐 Internet-Facing: LOW - Requires local access to trigger, not remotely exploitable.

🏢 Internal Only: MEDIUM - Local attackers or malicious processes could crash the kernel, affecting system availability.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local access and ability to trigger specific SPI operations. No public exploit code identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patched in kernel stable branches via commits: 2070d008cc08bff50a58f0f4d30f12d3ebf94c00, 4756fa529b2f12b7cb8f21fe229b0f6f47190829, a30659f1576d2c8e62e7426232bb18b885fd951a, e005d6754e3e440257006795b687c4ad8733b493

Vendor Advisory: https://git.kernel.org/stable/c/2070d008cc08bff50a58f0f4d30f12d3ebf94c00

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution's repositories. 2. Rebuild kernel if using custom build. 3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable SPI devices if not needed

linux

Remove or disable SPI device drivers if not required for system operation

modprobe -r [spi_driver_module]
echo 'blacklist [spi_driver_module]' > /etc/modprobe.d/disable-spi.conf

🧯 If You Can't Patch

Restrict local user access to systems using SPI devices
Implement strict process isolation and privilege separation to limit who can access SPI operations

🔍 How to Verify

Check if Vulnerable:

Check kernel version and verify if SPI subsystem is in use. Vulnerable if using affected kernel with SPI devices.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes the fix commits or is newer than patched versions. Check that SPI operations no longer crash when message reuse occurs.

📡 Detection & Monitoring

Log Indicators:

Kernel panic messages in /var/log/kern.log or dmesg
SPI subsystem error messages
System crash/reboot events

Network Indicators:

None - local vulnerability only

SIEM Query:

source="kernel" AND ("panic" OR "Oops" OR "null pointer dereference") AND "spi"

📊 Metadata

CVE ID: CVE-2024-36930

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-476

Published: May 30, 2024

Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-36930, you might also want to check these: