CVE-2024-38568

7.8 HIGH

📋 TL;DR

This CVE describes an out-of-bounds write vulnerability in the HNS3 network driver in the Linux kernel's performance monitoring subsystem. Attackers with local access can trigger memory corruption by creating event groups with more than 9 events through the perf tool. This affects Linux systems using the HNS3 driver for HiSilicon network hardware.
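A simplified user-space model of the bug class described above, added here as an illustration; it is not the HNS3 driver's code. The names `group_buf`, `collect_unchecked`, `collect_checked` and `guard_clobbered` are hypothetical, and the 9-slot capacity is an assumption chosen to match the "more than 9 events" threshold.

```c
#include <stdio.h>

#define GROUP_SLOTS 9   /* assumed capacity, chosen to match "more than 9 events" */
#define GUARD_SLOTS 8   /* canary zone standing in for adjacent memory */
#define TOTAL_SLOTS (GROUP_SLOTS + GUARD_SLOTS)
#define CANARY (-1)

/* slot[0..GROUP_SLOTS-1] models the group array; the rest makes overruns observable. */
struct group_buf { int slot[TOTAL_SLOTS]; };

static void group_buf_init(struct group_buf *b) {
    for (int i = 0; i < TOTAL_SLOTS; i++)
        b->slot[i] = CANARY;
}

/* Unfixed pattern: no index check before the write (TOTAL_SLOTS clamp is demo-only). */
static int collect_unchecked(struct group_buf *b, const int *ids, int n) {
    int used = 0;
    for (int i = 0; i < n && used < TOTAL_SLOTS; i++)
        b->slot[used++] = ids[i];
    return used;
}

/* Fixed pattern: reject the group before writing once the array is full. */
static int collect_checked(struct group_buf *b, const int *ids, int n) {
    int used = 0;
    for (int i = 0; i < n; i++) {
        if (used == GROUP_SLOTS) return -1;
        b->slot[used++] = ids[i];
    }
    return used;
}

/* Canary slots overwritten, i.e. writes that landed past the array. */
static int guard_clobbered(const struct group_buf *b) {
    int hit = 0;
    for (int i = GROUP_SLOTS; i < TOTAL_SLOTS; i++)
        hit += (b->slot[i] != CANARY);
    return hit;
}

int main(void) {
    int ids[12] = {0};                 /* constructed group of 12 events */
    struct group_buf b;
    group_buf_init(&b);
    collect_unchecked(&b, ids, 12);
    printf("unchecked: %d writes past the array; ", guard_clobbered(&b));
    printf("checked: rc=%d\n", collect_checked(&b, ids, 12));
    return 0;
}
```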

💻 Affected Systems

Products:
  • Linux kernel with HNS3 network driver
Versions: Kernel versions before fixes in stable releases (specific commits listed in references)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires HNS3 driver for HiSilicon network hardware and perf tool access. Not all Linux systems use this specific driver.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case

Kernel memory corruption leading to privilege escalation, denial of service, or arbitrary code execution in kernel context.

🟠 Likely Case

Kernel panic or system crash causing denial of service, potentially requiring physical access to restart.

🟢 If Mitigated

Limited to denial of service if proper access controls prevent unauthorized users from using the perf tool.

🌐 Internet-Facing: LOW - Requires local access to exploit via perf tool.
🏢 Internal Only: MEDIUM - Local users or compromised accounts could exploit this to crash systems or potentially escalate privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and ability to run perf commands. Exploit would need to craft specific event groups to trigger overflow.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions with commits: 3669baf308308385a2ab391324abdde5682af5aa, 81bdd60a3d1d3b05e6cc6674845afb1694dd3a0e, aa2d3d678895c8eedd003f1473f87d3f06fe6ec7, b5120d322763c15c978bc47beb3b6dff45624304, be1fa711e59c874d049f592aef1d4685bdd22bdf

Vendor Advisory: https://git.kernel.org/stable/c/

Restart Required: Yes

Instructions:

1. Update the Linux kernel to a version containing the fix commits.
2. Reboot the system to load the new kernel.
3. Verify the kernel version after reboot.

🔧 Temporary Workarounds

Restrict perf tool access

Limit which users can execute perf commands to prevent exploitation

chmod 750 /usr/bin/perf
setcap -r /usr/bin/perf
# Use sudoers to restrict perf usage

Disable HNS3 driver if not needed

Remove or blacklist the HNS3 driver if HiSilicon hardware is not used

echo 'blacklist hns3' >> /etc/modprobe.d/blacklist.conf
rmmod hns3

🧯 If You Can't Patch

  • Restrict local user access and monitor for unauthorized perf usage
  • Implement strict privilege separation and limit perf tool to trusted administrators only

🔍 How to Verify

Check if Vulnerable:

Check if HNS3 driver is loaded: lsmod | grep hns3. Check kernel version against patched versions.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes fix commits. Test perf with event groups >9 events to ensure no crash.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • OOM killer messages related to perf
  • System crash/reboot events

Network Indicators:

  • None - local exploit only

SIEM Query:

source="kernel" AND ("panic" OR "Oops" OR "general protection fault") AND process="perf"

🔗 References
