CVE-2024-38559

4.4 MEDIUM

📋 TL;DR

This CVE describes a NULL pointer dereference vulnerability in the Linux kernel's QLogic FastLinQ 4xxxx Ethernet Controller driver (qedf). An attacker with local access could trigger an out-of-bounds read by providing untrusted input, potentially causing kernel panic or information disclosure. Systems using affected kernel versions with the qedf module loaded are vulnerable.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Kernel versions before the fix commits listed in references
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if the qedf driver module is loaded (typically on systems with QLogic FastLinQ 4xxxx Ethernet Controllers).

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case: Local privilege escalation leading to full system compromise or denial of service through kernel panic.

🟠 Likely Case: Local denial of service (system crash) or information disclosure from kernel memory.

🟢 If Mitigated: Minimal impact if proper access controls restrict local user privileges and the qedf module is not loaded.

🌐 Internet-Facing: LOW - Requires local access to exploit.
🏢 Internal Only: MEDIUM - Malicious local users or compromised accounts could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and knowledge of driver interaction. No public exploits known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing the fix commits (e.g., 177f43c6892e6055de6541fe9391a8a3d1f95fc9)

Vendor Advisory: https://git.kernel.org/stable/c/177f43c6892e6055de6541fe9391a8a3d1f95fc9

Restart Required: Yes

Instructions:

1. Update Linux kernel to a patched version from your distribution vendor.
2. Reboot the system to load the new kernel.

🔧 Temporary Workarounds

Unload qedf module (Linux)

Remove the vulnerable kernel module if not needed:

    sudo rmmod qedf

Blacklist qedf module (Linux)

Prevent the module from loading automatically:

    echo 'blacklist qedf' | sudo tee /etc/modprobe.d/blacklist-qedf.conf

🧯 If You Can't Patch

  • Restrict local user access to prevent untrusted users from interacting with the driver.
  • Monitor system logs for kernel panic events or unusual driver behavior.

🔍 How to Verify

Check if Vulnerable:

Check if qedf module is loaded: lsmod | grep qedf. If loaded and kernel version is unpatched, system is vulnerable.

Check Version:

uname -r

Verify Fix Applied:

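Confirm that the running kernel includes fix commit 177f43c6892e6055de6541fe9391a8a3d1f95fc9. /proc/version_signature (if available) holds only the kernel version string, not commit IDs, so a grep for the commit hash there will not match; compare the reported version against your distribution's patch notes instead.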
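
The loaded-module check and the blacklist workaround above, combined into one exposure check. This is an added example, not part of the original advisory or of the kernel project; the function names and the `--check` argument are assumptions of this example, and both functions accept alternate input paths so they can be run against saved copies of /proc/modules and /etc/modprobe.d.

```shell
#!/bin/sh
# Added example: classify a host's qedf exposure for CVE-2024-38559.
# Function names and the --check argument are hypothetical.

# True if qedf is loaded. Matches the module-name column exactly, so the
# "qed" line that lists qedf as a dependent is not counted by itself.
qedf_loaded() {            # $1: file in /proc/modules format
    awk '$1 == "qedf" { found = 1 } END { exit !found }' "${1:-/proc/modules}"
}

# True if an active (uncommented) "blacklist qedf" line exists.
# Note: blacklist only stops alias-based autoloading; an explicit
# "modprobe qedf" by root still loads the module.
qedf_blacklisted() {       # $1: modprobe.d directory
    dir=${1:-/etc/modprobe.d}
    [ -d "$dir" ] || return 1
    grep -Eqs '^[[:space:]]*blacklist[[:space:]]+qedf([[:space:]]|$)' "$dir"/*.conf
}

# Prints one of: loaded | blacklisted | autoloadable
qedf_exposure() {          # $1: modules file, $2: modprobe.d directory
    if qedf_loaded "$1"; then
        # A blacklist entry does not unload a module that is already in memory.
        echo "loaded"
    elif qedf_blacklisted "$2"; then
        echo "blacklisted"
    else
        echo "autoloadable"
    fi
}

# Run against the live system only when asked to.
case "${1:-}" in
    --check) qedf_exposure ;;
esac
```

A result of "loaded" on an unpatched kernel corresponds to the vulnerable state described above; "autoloadable" means the module is absent now but nothing prevents it from being loaded later.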

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages in /var/log/kern.log or dmesg
  • OOB read errors related to qedf driver

SIEM Query:

source="kern.log" AND "qedf" AND ("panic" OR "OOB" OR "out of bounds")

🔗 References
