CVE-2024-38381
📋 TL;DR
This vulnerability in the Linux kernel's NFC (Near Field Communication) subsystem allows uninitialized memory access when processing received packets. Attackers could potentially exploit this to cause kernel crashes or leak sensitive kernel memory. Systems using NFC functionality in affected Linux kernel versions are vulnerable.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash, potential information disclosure of kernel memory, or local privilege escalation if combined with other vulnerabilities.
Likely Case
System instability, kernel crashes (denial of service), or information leakage from kernel memory.
If Mitigated
Minimal impact if NFC functionality is disabled or unused, or if proper packet validation is implemented.
🎯 Exploit Status
Requires ability to send malformed NFC packets to the system, typically needing physical proximity or local network access to NFC interfaces.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits: 017ff397624930fd7ac7f1761f3c9d6a7100f68c, 406cfac9debd4a6d3dc5d9258ee086372a8c08b6, 485ded868ed62ceb2acb3a459d7843fd71472619, ad4d196d2008c7f413167f0a693feb4f0439d7fe, e4a87abf588536d1cdfb128595e6e680af5cf3ed
Vendor Advisory: https://git.kernel.org/stable/c/017ff397624930fd7ac7f1761f3c9d6a7100f68c
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution's repositories. 2. Reboot system to load new kernel. 3. Verify kernel version after reboot.
🔧 Temporary Workarounds
Disable NFC kernel module
linuxPrevent loading of NFC drivers if not needed
echo 'blacklist nci' >> /etc/modprobe.d/blacklist-nci.conf
rmmod nci 2>/dev/null || true
Restrict NFC device access
linuxLimit which users can access NFC devices
chmod 600 /dev/nfc* 2>/dev/null || true
setfacl -m u:root:rw- /dev/nfc* 2>/dev/null || true
🧯 If You Can't Patch
- Disable all NFC hardware and unload NFC kernel modules
- Implement network segmentation to isolate systems with NFC functionality
🔍 How to Verify
Check if Vulnerable:
Check if NFC modules are loaded: lsmod | grep -i nci && echo 'Potentially vulnerable if kernel not patched'Check Version:
uname -rVerify Fix Applied:
Check kernel version against distribution's security advisories and verify NFC functionality still works properly📡 Detection & Monitoring
Log Indicators:
- Kernel oops messages mentioning nci_rx_work
- System crashes when NFC is in use
- dmesg warnings about uninitialized memory access
Network Indicators:
- Unusual NFC packet patterns if monitored
- Multiple malformed NFC connection attempts
SIEM Query:
source="kernel" AND ("nci" OR "NFC") AND ("panic" OR "oops" OR "uninitialized")🔗 References
- https://git.kernel.org/stable/c/017ff397624930fd7ac7f1761f3c9d6a7100f68c
- https://git.kernel.org/stable/c/406cfac9debd4a6d3dc5d9258ee086372a8c08b6
- https://git.kernel.org/stable/c/485ded868ed62ceb2acb3a459d7843fd71472619
- https://git.kernel.org/stable/c/ad4d196d2008c7f413167f0a693feb4f0439d7fe
- https://git.kernel.org/stable/c/e4a87abf588536d1cdfb128595e6e680af5cf3ed
- https://git.kernel.org/stable/c/e53a7f8afcbd2886f2a94c5d56757328109730ea
- https://git.kernel.org/stable/c/e8c8e0d0d214c877fbad555df5b3ed558cd9b0c3
- https://git.kernel.org/stable/c/f80b786ab0550d0020191a59077b2c7e069db2d1
- https://git.kernel.org/stable/c/017ff397624930fd7ac7f1761f3c9d6a7100f68c
- https://git.kernel.org/stable/c/406cfac9debd4a6d3dc5d9258ee086372a8c08b6
- https://git.kernel.org/stable/c/485ded868ed62ceb2acb3a459d7843fd71472619
- https://git.kernel.org/stable/c/ad4d196d2008c7f413167f0a693feb4f0439d7fe
- https://git.kernel.org/stable/c/e4a87abf588536d1cdfb128595e6e680af5cf3ed
- https://git.kernel.org/stable/c/e53a7f8afcbd2886f2a94c5d56757328109730ea
- https://git.kernel.org/stable/c/e8c8e0d0d214c877fbad555df5b3ed558cd9b0c3
- https://git.kernel.org/stable/c/f80b786ab0550d0020191a59077b2c7e069db2d1
- https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
