CVE-2024-38637
📋 TL;DR
This CVE describes a NULL pointer dereference in the Linux kernel's Greybus lights subsystem. If triggered, it can cause a kernel panic or system crash on systems that use Greybus hardware interfaces (typically embedded/IoT devices). The defect is that the driver uses the pointer returned by the get_channel_from_mode function without first checking it for NULL.
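To make the bug class concrete, here is an added model of the unchecked-lookup pattern described above beside its checked form. This is simplified illustration code, not the Greybus lights driver's code; the struct layouts and the LIGHT_MODE_* values are assumptions, and only the shape of the missing check mirrors the advisory.

```c
/* Added model of the bug class behind CVE-2024-38637 (CWE-476): a lookup
 * that may return NULL, used with and without a check. Simplified, not the
 * Greybus lights driver's code; structs and LIGHT_MODE_* are assumptions. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

#define LIGHT_MODE_FLASH 0x01u   /* constructed mode bits */
#define LIGHT_MODE_TORCH 0x02u

struct gb_channel_model { uint32_t mode; uint32_t intensity; };
struct gb_light_model { struct gb_channel_model *channels; size_t count; };

/* First channel whose mode mask overlaps `mode`, or NULL if none does.
 * Every caller must handle the NULL case. */
static struct gb_channel_model *
get_channel_from_mode(struct gb_light_model *light, uint32_t mode)
{
    for (size_t i = 0; i < light->count; i++)
        if (light->channels[i].mode & mode)
            return &light->channels[i];
    return NULL;
}

/* Vulnerable pattern: the pointer is dereferenced without a check. For a
 * mode no channel supports this writes through NULL; in the kernel that is
 * an oops, which is the denial of service the advisory describes. */
int set_intensity_unchecked(struct gb_light_model *light, uint32_t mode,
                            uint32_t value)
{
    struct gb_channel_model *channel = get_channel_from_mode(light, mode);
    channel->intensity = value;   /* crashes when channel == NULL */
    return 0;
}

/* Fixed pattern: refuse the request instead of dereferencing NULL. */
int set_intensity_checked(struct gb_light_model *light, uint32_t mode,
                          uint32_t value)
{
    struct gb_channel_model *channel = get_channel_from_mode(light, mode);
    if (!channel)
        return -EINVAL;
    channel->intensity = value;
    return 0;
}
```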
💻 Affected Systems
- Linux kernel with Greybus subsystem enabled
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially requiring physical restart of affected devices.
Likely Case
System instability or crash when specific Greybus lighting operations are performed, resulting in temporary denial of service.
If Mitigated
No impact if the vulnerable code path isn't triggered or if proper input validation prevents the condition.
🎯 Exploit Status
Exploitation requires ability to trigger specific Greybus lighting operations. No known public exploits exist.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 330f6bcdcef03f70f81db5f2ed6747af656a09f2, 518e2c46b5dbce40b1aa0100001d03c3ceaa7d38, 895cdd9aa9546523df839f9cc1488a0ecc1e0731, 8f4a76d477f0cc3c54d512f07f6f88c8e1c1e07b, 9b41a9b9c8be8c552f10633453fdb509e83b66f8
Vendor Advisory: https://git.kernel.org/stable/c/330f6bcdcef03f70f81db5f2ed6747af656a09f2
Restart Required: Yes
Instructions:
1. Update the Linux kernel to a version containing the fix commits.
2. For distributions: use the package manager (apt/yum/dnf) to update the kernel package.
3. Reboot the system to load the new kernel.
🔧 Temporary Workarounds
Disable Greybus subsystem
On Linux, remove or disable the Greybus lights kernel module if it is not required (run as root):
modprobe -r gb-lights
echo 'blacklist gb-lights' >> /etc/modprobe.d/blacklist.conf
🧯 If You Can't Patch
- Restrict access to systems with Greybus hardware to trusted users only
- Monitor system logs for kernel panic/crash events related to Greybus operations
🔍 How to Verify
Check if Vulnerable:
Check whether the Greybus modules are loaded (lsmod prints module names with underscores, not dashes): lsmod | grep -E 'greybus|gb_' AND compare the running kernel version against the patched versions.
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version includes fix commits and Greybus module loads without issues
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- NULL pointer dereference errors in dmesg/kernel logs
- System crash/reboot events
Network Indicators:
- None - this is a local kernel vulnerability
SIEM Query:
source="kernel" AND ("NULL pointer dereference" OR "kernel panic" OR "gb-lights")
🔗 References
- https://git.kernel.org/stable/c/330f6bcdcef03f70f81db5f2ed6747af656a09f2
- https://git.kernel.org/stable/c/518e2c46b5dbce40b1aa0100001d03c3ceaa7d38
- https://git.kernel.org/stable/c/895cdd9aa9546523df839f9cc1488a0ecc1e0731
- https://git.kernel.org/stable/c/8f4a76d477f0cc3c54d512f07f6f88c8e1c1e07b
- https://git.kernel.org/stable/c/9b41a9b9c8be8c552f10633453fdb509e83b66f8
- https://git.kernel.org/stable/c/a1ba19a1ae7cd1e324685ded4ab563e78fe68648
- https://git.kernel.org/stable/c/e2c64246e5dc8c0d35ec41770b85e2b4cafdff21
- https://git.kernel.org/stable/c/eac10cf3a97ffd4b4deb0a29f57c118225a42850
- https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html