CVE-2024-40919

5.5 MEDIUM

📋 TL;DR

A NULL pointer dereference vulnerability exists in the bnxt_en driver of the Linux kernel when logging firmware messages. This occurs when a token is released due to deferred state but still referenced in log messages, potentially causing kernel crashes or denial of service. Systems using Broadcom NetXtreme-E network adapters with vulnerable Linux kernel versions are affected.

💻 Affected Systems

Products:
  • Linux kernel with bnxt_en driver
Versions: Specific kernel versions with vulnerable bnxt_en driver code before fixes were applied
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with Broadcom NetXtreme-E Ethernet controllers using the bnxt_en driver. Requires specific firmware conditions to trigger.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Kernel panic leading to system crash and denial of service, requiring physical or remote console access to reboot.

🟠 Likely Case

System instability or crash when specific firmware conditions trigger the NULL pointer dereference during network operations.

🟢 If Mitigated

Minor performance impact or error logging when firmware returns HWRM_ERR_CODE_PF_UNAVAILABLE error code.

🌐 Internet-Facing: LOW - Requires local access or specific network driver conditions; not directly exploitable over network.
🏢 Internal Only: MEDIUM - Could affect servers with Broadcom NICs during normal operations, potentially causing service disruption.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploitation requires specific firmware conditions and local access. No known public exploits exist.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions with commits 8b65eaeae88d4e9f999e806e196dd887b90bfed9, a9b9741854a9fe9df948af49ca5514e0ed0429df, ca6660c956242623b4cfe9be2a1abc67907c44bf, cde177fa235cd36f981012504a6376315bac03c9

Vendor Advisory: https://git.kernel.org/stable/c/8b65eaeae88d4e9f999e806e196dd887b90bfed9

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution.
2. Reboot system to load new kernel.
3. Verify bnxt_en driver is loaded with patched code.

🔧 Temporary Workarounds

Disable bnxt_en driver

linux

Temporarily disable the vulnerable network driver if alternative networking is available

modprobe -r bnxt_en
echo 'blacklist bnxt_en' >> /etc/modprobe.d/blacklist.conf

🧯 If You Can't Patch

  • Ensure systems have proper backups and recovery procedures in case of crashes
  • Monitor system logs for kernel panic or NULL pointer dereference messages

🔍 How to Verify

Check if Vulnerable:

Check kernel version and verify if bnxt_en driver is loaded: lsmod | grep bnxt_en && uname -r

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is updated and check driver version: modinfo bnxt_en | grep version

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • NULL pointer dereference in dmesg
  • bnxt_en driver error logs

Network Indicators:

  • Sudden network interface drops on systems with Broadcom NICs

SIEM Query:

source="kernel" AND ("NULL pointer dereference" OR "bnxt_en" OR "kernel panic")
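
The query above matches any line that mentions bnxt_en, including routine driver messages. The following added example (not part of the original advisory) narrows the log indicators to NULL-dereference oops reports whose faulting RIP line names the bnxt_en module; the sample log lines are constructed, and `example_fn` and `other_mod` are placeholders.

```shell
#!/bin/sh
# Added example (not from the advisory). Reads kernel log text on stdin and
# prints each NULL-dereference oops whose faulting RIP lies in [bnxt_en].

bnxt_null_oops() {
    awk '
        # An oops header opens a short window in which we expect its RIP line.
        /BUG: kernel NULL pointer dereference/ { header = $0; window = 40; next }
        window > 0 {
            window--
            if ($0 ~ /RIP: /) {
                # Only the first RIP line after the header decides attribution.
                if ($0 ~ /\[bnxt_en\]/) { print header " | " $0; hits++ }
                window = 0
            }
        }
        # Exit 0 when at least one oops was attributed to the driver.
        END { exit (hits > 0 ? 0 : 1) }
    '
}

# Constructed sample input: example_fn and other_mod are placeholders,
# not real symbols or modules.
sample_log() {
    cat <<'EOF'
[  101.000001] bnxt_en 0000:00:00.0 eth0: constructed informational line
[  245.120001] BUG: kernel NULL pointer dereference, address: 0000000000000000
[  245.120010] #PF: supervisor read access in kernel mode
[  245.120020] RIP: 0010:example_fn+0x10/0x80 [bnxt_en]
[  300.500001] BUG: kernel NULL pointer dereference, address: 0000000000000008
[  300.500010] RIP: 0010:example_fn+0x24/0x60 [other_mod]
EOF
}

sample_log | bnxt_null_oops
```

On a live host, feed it `dmesg` or `journalctl -k` output instead of the sample; an oops whose RIP is in another module is not reported even if bnxt_en appears later in its call trace.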
