CVE-2024-38659
📋 TL;DR
This vulnerability in the Linux kernel's enic driver allows out-of-bounds read access when processing network link attributes. Attackers with local access could potentially read kernel memory, leading to information disclosure or system crashes. Systems using Cisco VIC Ethernet NICs with the enic driver are affected.
💻 Affected Systems
- Linux kernel with enic driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel memory disclosure leading to privilege escalation or system crash via kernel panic.
Likely Case
Information disclosure of kernel memory contents or system instability/crash.
If Mitigated
Limited impact if proper access controls prevent local attackers from accessing network configuration interfaces.
🎯 Exploit Status
Requires local access and ability to manipulate network link attributes via rtnetlink.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel with commits 25571a12fbc8a1283bd8380d461267956fd426f7 or later
Vendor Advisory: https://git.kernel.org/stable/c/25571a12fbc8a1283bd8380d461267956fd426f7
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits. 2. Reboot system to load new kernel. 3. Verify enic driver is using patched code.
🔧 Temporary Workarounds
Disable VF port configuration
linuxPrevent configuration of virtual function ports via rtnetlink
echo 0 > /sys/class/net/[interface]/device/sriov_numvfs
Restrict rtnetlink access
linuxLimit which users can modify network configurations via capability restrictions
setcap -r /sbin/ip
chmod 750 /sbin/ip
🧯 If You Can't Patch
- Restrict local user access to systems with Cisco VIC hardware
- Implement strict capability controls for network configuration tools
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if enic driver is loaded: lsmod | grep enic && uname -rCheck Version:
uname -rVerify Fix Applied:
Verify kernel version includes fix commits and enic driver version📡 Detection & Monitoring
Log Indicators:
- Kernel oops messages
- System crashes when configuring VF ports
- Unexpected memory access errors in kernel logs
Network Indicators:
- Abnormal rtnetlink traffic from unauthorized users
SIEM Query:
source="kernel" AND ("enic" OR "out of bounds" OR "general protection fault")🔗 References
- https://git.kernel.org/stable/c/25571a12fbc8a1283bd8380d461267956fd426f7
- https://git.kernel.org/stable/c/2b649d7e0cb42a660f0260ef25fd55fdc9c6c600
- https://git.kernel.org/stable/c/3c0d36972edbe56fcf98899622d9b90ac9965227
- https://git.kernel.org/stable/c/7077c22f84f41974a711604a42fd0e0684232ee5
- https://git.kernel.org/stable/c/aee1955a1509a921c05c70dad5d6fc8563dfcb31
- https://git.kernel.org/stable/c/ca63fb7af9d3e531aa25f7ae187bfc6c7166ec2d
- https://git.kernel.org/stable/c/e8021b94b0412c37bcc79027c2e382086b6ce449
- https://git.kernel.org/stable/c/f6638e955ca00c489894789492776842e102af9c
- https://git.kernel.org/stable/c/25571a12fbc8a1283bd8380d461267956fd426f7
- https://git.kernel.org/stable/c/2b649d7e0cb42a660f0260ef25fd55fdc9c6c600
- https://git.kernel.org/stable/c/3c0d36972edbe56fcf98899622d9b90ac9965227
- https://git.kernel.org/stable/c/7077c22f84f41974a711604a42fd0e0684232ee5
- https://git.kernel.org/stable/c/aee1955a1509a921c05c70dad5d6fc8563dfcb31
- https://git.kernel.org/stable/c/ca63fb7af9d3e531aa25f7ae187bfc6c7166ec2d
- https://git.kernel.org/stable/c/e8021b94b0412c37bcc79027c2e382086b6ce449
- https://git.kernel.org/stable/c/f6638e955ca00c489894789492776842e102af9c
- https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
