CVE-2024-36972

7.5 HIGH

📋 TL;DR

A race condition in the Linux kernel's AF_UNIX (Unix domain socket) implementation. The socket garbage collector, __unix_gc(), reclaims close()d sockets that are still in flight (passed over SCM_RIGHTS) and, before the fix, dropped such a socket's pending out-of-band byte by setting unix_sk(sk)->oob_skb to NULL without holding a lock. The peer socket could still queue a new MSG_OOB byte through queue_oob() at the same moment, and the two lockless updates race into a NULL pointer dereference in the kernel. The result is a kernel oops or panic, i.e. denial of service. Any local unprivileged process that can create AF_UNIX stream sockets can trigger it, including a process inside a container, so every host running an affected kernel with CONFIG_AF_UNIX_OOB enabled (the default) is exposed.

💻 Affected Systems

Products:
  • Linux kernel
Versions: The CVE record lists fix commits rather than a version range. The vulnerable code path only exists in kernels with out-of-band support for AF_UNIX (CONFIG_AF_UNIX_OOB, added in 5.15), so the 5.15 and later stable series are affected up to the release in which the fix was backported; consult the kernel.org CVE record or your distribution's advisory for the exact patched releases.
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerable path is the AF_UNIX out-of-band (MSG_OOB) support, compiled in when CONFIG_AF_UNIX_OOB=y, which is the default whenever AF_UNIX is enabled. No particular service has to be running or exposed: the attacker creates the sockets, makes one of them a close()d in-flight socket (one passed over SCM_RIGHTS) so that the garbage collector processes it, and concurrently sends MSG_OOB from its peer.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →


⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel oops escalating to a panic: the whole host goes down, taking every container and VM guest on it with it, and unflushed data is lost. An attacker with persistent local code execution can re-trigger the race after each reboot and keep a multi-tenant host unavailable.

🟠

Likely Case

A NULL pointer dereference in the AF_UNIX code produces a kernel oops. Depending on kernel.panic_on_oops and on the locks held at that moment, either the triggering task is killed and the socket subsystem is left in an inconsistent state, or the whole system panics; in practice a reboot is needed either way.

🟢

If Mitigated

No impact once a fixed kernel is running. Without the patch, the workarounds below only shrink the set of processes that can reach the bug; any unconfined local process can still crash the host.

🌐 Internet-Facing: LOW - AF_UNIX sockets are not reachable over the network; nothing can be sent to them from outside the host. A remote attacker needs prior code execution on the host (for example through a compromised network service) before this bug becomes usable, and then only to crash the machine.
🏢 Internal Only: MEDIUM - Any local user or unprivileged process, including a workload inside a container that shares the host kernel, can create the required sockets and crash the host. Multi-tenant hosts, shared login systems and CI runners that execute untrusted code are the main concern.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Triggering the bug means winning a race between __unix_gc(), which before the fix cleared unix_sk(sk)->oob_skb on a close()d in-flight socket without taking any lock, and queue_oob() on the peer, i.e. a sendmsg() with MSG_OOB. Both sides are driven from ordinary unprivileged syscalls and the attempt can simply be repeated until the window is hit, so the practical bar for a denial of service is low; the complexity rating reflects that the outcome is a crash, not controlled code execution.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel commits (the mainline fix and its backports into the stable series): 4708f49add84a57ce0ccc7bf9a6269845c631cc3, 4bf6964451c3cb411fbaa1ae8b214b3d97a59bf1, 518a994aa0b87d96f1bc6678a7035df5d1fcd7a1, 9841991a446c87f90f66f4b9fee6fe934c1336a2, d59ae9314b97e01c76a4171472441e55721ba636

Vendor Advisory: https://git.kernel.org/stable/c/4708f49add84a57ce0ccc7bf9a6269845c631cc3

Restart Required: Yes

Instructions:

1. Update the kernel to a release that contains the fix for CVE-2024-36972 (the mainline commit or its backport into your stable series).
2. Check your distribution's security advisory for the exact patched package version. Distribution kernels usually backport the fix without changing the upstream version string, so the CVE ID in the package changelog, not the uname -r output, is the reliable indicator.
3. Reboot into the new kernel, or apply a vendor livepatch that explicitly covers this CVE if one is offered.

🔧 Temporary Workarounds

Deny MSG_OOB on AF_UNIX sockets for untrusted workloads

linux

AF_UNIX itself cannot be disabled: CONFIG_UNIX is built into every mainstream distribution kernel, and systemd, D-Bus, container runtimes and desktop stacks all depend on it. The race, however, is only reachable through the out-of-band path, so two narrower options exist. First, rebuild the kernel with CONFIG_AF_UNIX_OOB=n, which removes queue_oob() entirely; this requires a custom kernel and is rarely practical on distribution systems. Second, for sandboxed or containerized workloads, load a seccomp filter that returns EPERM for sendmsg/sendto/sendmmsg calls carrying the MSG_OOB flag. MSG_OOB on Unix sockets has only existed since 5.15 and is rarely used, so the compatibility cost is low, but test it against your workloads first.

Neither option is a substitute for the kernel update: a seccomp filter only protects the processes it is loaded into, and any unconfined local process can still trigger the crash.
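As an added example (not code from the CVE record, the kernel tree or any distribution), the following C program builds and loads a seccomp-BPF filter implementing the second workaround above: any sendmsg, sendto or sendmmsg whose flags include MSG_OOB fails with EPERM, everything else passes. It assumes Linux on x86_64 or aarch64 with the kernel uapi headers installed; the function names and the socketpair self-check it runs in a forked child are constructed for this example.

```c
/*
 * Added example, not part of the original advisory or the kernel's own code:
 * a seccomp-BPF filter that turns every sendmsg/sendto/sendmmsg carrying
 * MSG_OOB into EPERM, so a sandboxed process can no longer reach the AF_UNIX
 * out-of-band path (queue_oob()) that CVE-2024-36972 races on. Other syscalls
 * are allowed; a syscall made through a foreign ABI kills the process.
 * Assumes Linux on x86_64 or aarch64 with the kernel uapi headers installed.
 */
#include <errno.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#if defined(__x86_64__)
#  define SECCOMP_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#  define SECCOMP_ARCH AUDIT_ARCH_AARCH64
#else
#  error "add the AUDIT_ARCH_* value for this architecture"
#endif

/* Low 32 bits of syscall argument n (args[] is __u64; flags fit in 32 bits). */
#define ARG_LO(n) (offsetof(struct seccomp_data, args[n]) + \
                   (__BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ ? 4 : 0))
#define DENY_EPERM (SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA))

static struct sock_filter oob_filter[] = {
    /* 0-2: refuse syscalls made through another ABI (e.g. 32-bit compat) */
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SECCOMP_ARCH, 1, 0),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
    /* 3-7: dispatch on syscall number; anything not listed is allowed */
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_sendmsg,  3, 0),   /* -> 8  */
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_sendto,   4, 0),   /* -> 10 */
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_sendmmsg, 3, 0),   /* -> 10 */
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    /* 8-9: sendmsg(fd, msg, flags): flags is argument 2 */
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, ARG_LO(2)),
    BPF_JUMP(BPF_JMP | BPF_JSET | BPF_K, MSG_OOB, 3, 2),        /* 13 / 12 */
    /* 10-11: sendto(fd, buf, len, flags, ...), sendmmsg(fd, vec, n, flags) */
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, ARG_LO(3)),
    BPF_JUMP(BPF_JMP | BPF_JSET | BPF_K, MSG_OOB, 1, 0),        /* 13 / 12 */
    /* 12-13: verdicts */
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    BPF_STMT(BPF_RET | BPF_K, DENY_EPERM),
};

/* Load the filter for the calling thread (inherited across fork and execve);
 * 0 on success, -1 with errno set otherwise. */
int install_oob_filter(void)
{
    struct sock_fprog prog = { .len = sizeof oob_filter / sizeof oob_filter[0],
                               .filter = oob_filter };
    /* Unprivileged processes may only load filters once no_new_privs is set. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0)
        return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* Self-check in a forked child: load the filter, then confirm a plain send()
 * on an AF_UNIX socketpair still works while send(MSG_OOB) fails with EPERM.
 * Returns 1 if the filter behaves as intended, 0 if MSG_OOB got through,
 * -2 if ordinary sends broke, -1 if the filter could not be loaded at all
 * (e.g. seccomp is unavailable in the sandbox running this program). */
int probe_filter_blocks_oob(void)
{
    int sv[2], status;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
        return -1;
    pid_t pid = fork();
    if (pid == 0) {
        char c = 'x';
        if (install_oob_filter() < 0)
            _exit(100);
        if (send(sv[0], &c, 1, 0) != 1)
            _exit(102);                          /* ordinary path must survive */
        _exit(send(sv[0], &c, 1, MSG_OOB) < 0 && errno == EPERM ? 1 : 0);
    }
    close(sv[0]);
    close(sv[1]);
    if (pid < 0 || waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    int code = WEXITSTATUS(status);
    return code == 1 ? 1 : code == 0 ? 0 : code == 102 ? -2 : -1;
}

int main(void)
{
    int r = probe_filter_blocks_oob();
    printf("MSG_OOB filter self-check: %d (1 = denied as intended)\n", r);
    return r == 1 ? 0 : 1;
}
```

Load the filter in the sandbox launcher right before execve() of the untrusted program; seccomp filters are inherited by children. Two caveats: MSG_OOB can also be supplied through io_uring send operations, so a sandbox relying on this filter must deny io_uring_setup as well; and the filter narrows exposure only for the processes it is loaded into, which is why it is a stopgap rather than a fix.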

🧯 If You Can't Patch

  • Restrict who can run code on affected hosts: the bug is only reachable from a local process, so limit shell access and untrusted workloads to trusted users.
  • Treat containers that share the kernel as able to crash the host; where the runtime allows it, confine untrusted workloads with a seccomp profile that denies MSG_OOB on send calls.
  • Make a triggered crash recover predictably: consider kernel.panic_on_oops=1 together with a kernel.panic reboot timeout and kdump, so an oops becomes a captured vmcore and a reboot rather than a hung host.
  • Monitor kernel logs for oops or panic indicators and have incident response procedures ready.

🔍 How to Verify

Check if Vulnerable:

Compare the running kernel with your distribution's security advisory for CVE-2024-36972. Also confirm that the vulnerable code path is compiled in: the bug needs CONFIG_AF_UNIX_OOB, which is enabled by default and is visible in the kernel's config file under /boot or in /proc/config.gz; a kernel built without it, or any kernel before 5.15, is not affected.

Check Version:

uname -r

Verify Fix Applied:

Confirm that the running kernel (uname -r, or the installed package version on distribution kernels) is the one your vendor names as fixed for CVE-2024-36972, i.e. that it contains the mainline fix or one of the stable backports listed above. Because distributions backport without changing the upstream version string, check the package changelog for the CVE ID rather than matching version numbers against upstream.
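Added here as a runtime complement to the version check (not from the CVE record or the kernel tree): a small C probe that asks the running kernel whether the AF_UNIX out-of-band path exists at all. The function name, the single socketpair and the one-byte message it sends are constructed for this example.

```c
/*
 * Added example, not from the original advisory or the kernel tree: a
 * runtime probe for the code path CVE-2024-36972 lives in. Kernels built
 * without CONFIG_AF_UNIX_OOB (and every kernel before 5.15) reject a
 * MSG_OOB send on an AF_UNIX stream socket with EOPNOTSUPP, so the racy
 * queue_oob() path does not exist there. A kernel that accepts the send
 * has the path compiled in; whether it also carries the fix must then be
 * decided from the distribution's advisory, not from this probe.
 */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/*
 * Returns 2 if the kernel accepts AF_UNIX MSG_OOB (path present),
 *         0 if it rejects it with EOPNOTSUPP (path absent, not affected),
 *        -1 on any other error.
 */
int af_unix_oob_supported(void)
{
    int sv[2];
    int result = -1;
    char in = '!', out = 0;          /* constructed one-byte message */

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
        return -1;

    /* A 1-byte MSG_OOB send makes that byte the urgent byte via queue_oob(). */
    if (send(sv[0], &in, 1, MSG_OOB) == 1) {
        /* Read the urgent byte back to confirm the OOB path is really wired up. */
        if (recv(sv[1], &out, 1, MSG_OOB) == 1 && out == in)
            result = 2;
    } else if (errno == EOPNOTSUPP) {
        result = 0;
    }
    close(sv[0]);
    close(sv[1]);
    return result;
}

int main(void)
{
    int r = af_unix_oob_supported();
    if (r == 2)
        puts("AF_UNIX MSG_OOB accepted: CONFIG_AF_UNIX_OOB is enabled; "
             "check the distro advisory for CVE-2024-36972 for this kernel");
    else if (r == 0)
        puts("AF_UNIX MSG_OOB rejected (EOPNOTSUPP): vulnerable path not compiled in");
    else
        printf("probe failed: %s\n", strerror(errno));
    return r < 0;
}
```

A result of 0 means the kernel was built without CONFIG_AF_UNIX_OOB or predates 5.15, so queue_oob() is simply not there. A result of 2 only tells you the path is present; it cannot distinguish a fixed kernel from an unfixed one, so pair it with the distribution advisory. The equivalent static check is grep CONFIG_AF_UNIX_OOB /boot/config-$(uname -r).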

📡 Detection & Monitoring

Log Indicators:

  • Kernel oops or panic messages in the kernel ring buffer (dmesg) or the journal: "BUG: kernel NULL pointer dereference", "Oops:" or "Kernel panic - not syncing", with a call trace through AF_UNIX functions (see the SIEM query below)

Network Indicators:

  • None on the wire: AF_UNIX traffic never leaves the host. Trigger activity is only visible through host-level tracing, for example auditing sendmsg/sendto calls whose flags include MSG_OOB, or a seccomp filter with a log action

SIEM Query:

Search kernel log sources for 'BUG: kernel NULL pointer dereference', 'Oops' or 'Kernel panic' whose call trace includes AF_UNIX symbols such as __unix_gc, unix_gc, queue_oob, unix_stream_sendmsg or skb_dequeue. A NULL-pointer oops in these functions on an unpatched kernel is the signature of this bug being hit, whether by an attacker or by accident.

🔗 References

  • https://git.kernel.org/stable/c/4708f49add84a57ce0ccc7bf9a6269845c631cc3
  • https://git.kernel.org/stable/c/4bf6964451c3cb411fbaa1ae8b214b3d97a59bf1
  • https://git.kernel.org/stable/c/518a994aa0b87d96f1bc6678a7035df5d1fcd7a1
  • https://git.kernel.org/stable/c/9841991a446c87f90f66f4b9fee6fe934c1336a2
  • https://git.kernel.org/stable/c/d59ae9314b97e01c76a4171472441e55721ba636