CVE-2024-36979

7.8 HIGH

📋 TL;DR

This CVE describes a use-after-free vulnerability in the Linux kernel's bridge Multiple Spanning Tree (MST) implementation. It allows potential memory corruption when VLANs are freed while being accessed during bridge forwarding delay timer operations. Systems running affected Linux kernel versions with bridge networking enabled are vulnerable.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected versions not explicitly stated in CVE description, but patches are available for multiple stable branches.
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when bridge networking is enabled and configured with MST features. Most default Linux installations do not have bridge networking enabled.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic, system crash, or potential privilege escalation leading to full system compromise.

🟠

Likely Case

System instability, kernel crashes, or denial of service affecting network connectivity.

🟢

If Mitigated

Minimal impact if bridge networking is disabled or systems are not using MST features.

🌐 Internet-Facing: MEDIUM - Requires bridge networking to be enabled and configured, which is less common on internet-facing systems.
🏢 Internal Only: MEDIUM - Internal systems using bridge networking for virtualization or container networking could be affected.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploitation requires local access and specific bridge/MST configuration. The vulnerability was discovered through syzkaller fuzzing.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: no version numbers are given; the fix was merged into multiple stable branches as these commits: 3a7c1661ae1383364cd6092d851f5e5da64d476b, 4488617e5e995a09abe4d81add5fb165674edb59, 8ca9a750fc711911ef616ceb627d07357b04545e, a2b01e65d9ba8af2bb086d3b7288ca53a07249ac, e43dd2b1ec746e105b7db5f9ad6ef14685a615a4

Vendor Advisory: https://git.kernel.org/stable/c/3a7c1661ae1383364cd6092d851f5e5da64d476b

Restart Required: Yes

Instructions:

1. Update the Linux kernel to a patched version.
2. Check your distribution's security advisories for the specific package update.
3. Reboot the system after the kernel update.

🔧 Temporary Workarounds

Disable bridge networking

linux

If bridge networking is not required, disable it to eliminate the vulnerability.

sudo systemctl stop systemd-networkd   # only if systemd-networkd manages the bridge
sudo ip link delete br0                # substitute your bridge name
# Then remove the bridge configuration from /etc/network/interfaces or NetworkManager

Disable MST on bridges

linux

Disable Spanning Tree (and with it MST) on existing bridges. `bridge stp` is not a valid iproute2 subcommand; the iproute2 equivalent of the legacy brctl command is `ip link set ... type bridge stp_state 0`.

sudo brctl stp br0 off                                # legacy bridge-utils
sudo ip link set dev br0 type bridge stp_state 0      # iproute2 equivalent
sudo ip link set dev br0 type bridge mst_enable 0     # turn off MST itself (assumes iproute2 with mst_enable support)

🧯 If You Can't Patch

  • Disable bridge networking entirely if not needed
  • Implement network segmentation to limit blast radius if exploitation occurs

🔍 How to Verify

Check if Vulnerable:

Check whether bridge interfaces exist and whether STP (and MST) are enabled on them; the detail output of `ip -d` carries the stp_state and mst_enabled fields: ip -d link show type bridge | grep -E 'stp_state|mst_enabled'
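The check above is a one-liner to eyeball. As an added example (not part of this advisory), the POSIX shell script below parses the same `ip -d link show type bridge` output and lists only the bridges that actually have STP running, the precondition for the forwarding-delay timer path this CVE describes, together with their MST flag. It assumes the field names stp_state and mst_enabled as printed by iproute2 (verify against your iproute2 version); the sample output embedded in the script is constructed and abbreviated so the script runs offline.

```shell
#!/bin/sh
# Added example: list bridges with STP enabled and show their MST flag.
# Assumes iproute2 prints "stp_state <n>" and "mst_enabled <n>" in the
# detail line of `ip -d link show type bridge`.

bridges_with_stp() {
    # Reads `ip -d link show type bridge` text on stdin.
    # Prints "<bridge> stp_state=<n> mst_enabled=<m>" for every bridge whose
    # stp_state is non-zero. mst_enabled reads "absent" on kernels/iproute2
    # builds that do not print the field at all.
    awk '
        /^[0-9]+: / { name = $2; sub(/:$/, "", name) }
        /stp_state/ {
            stp = ""; mst = "absent"
            for (i = 1; i <= NF; i++) {
                if ($i == "stp_state")   stp = $(i + 1)
                if ($i == "mst_enabled") mst = $(i + 1)
            }
            if (stp != "" && stp != "0")
                printf "%s stp_state=%s mst_enabled=%s\n", name, stp, mst
        }
    '
}

check_running_system() {
    # Live check: needs a Linux host with iproute2. Empty output means no
    # bridge on this host has STP enabled.
    ip -d link show type bridge | bridges_with_stp
}

# Constructed sample in the shape of `ip -d link show type bridge`, abbreviated:
# br0 runs STP with MST enabled, br1 has STP off.
SAMPLE_IP_OUTPUT='3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 52:54:00:12:34:56 brd ff:ff:ff:ff:ff:ff promiscuity 0
    bridge forward_delay 1500 hello_time 200 max_age 2000 ageing_time 30000 stp_state 1 priority 32768 vlan_filtering 1 mst_enabled 1 addrgenmode eui64
4: br1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 52:54:00:ab:cd:ef brd ff:ff:ff:ff:ff:ff promiscuity 0
    bridge forward_delay 1500 hello_time 200 max_age 2000 ageing_time 30000 stp_state 0 priority 32768 vlan_filtering 0 mst_enabled 0 addrgenmode eui64'

printf '%s\n' "$SAMPLE_IP_OUTPUT" | bridges_with_stp
# prints: br0 stp_state=1 mst_enabled=1
```

On a real host, call `check_running_system` instead of feeding the sample; any bridge it lists is one where disabling STP (`ip link set dev <bridge> type bridge stp_state 0`) removes the timer path until the kernel is updated.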

Check Version:

uname -r

Verify Fix Applied:

Compare the output of `uname -r` with your distribution's advisory for this CVE, or confirm that the running kernel includes one of the fix commits listed under Official Fix (the kernel git repository lists which stable releases contain each commit).

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • RCU warning messages in dmesg
  • Network bridge interface errors

Network Indicators:

  • Unexpected bridge interface state changes
  • STP/MST protocol anomalies

SIEM Query:

source="kernel" AND ("RCU" OR "use-after-free" OR "bridge" OR "mst")
