CVE-2024-40978
📋 TL;DR
This CVE describes a kernel crash vulnerability in the Linux kernel's QLogic QEDI iSCSI driver. The vulnerability occurs when reading debugfs attributes, where the driver incorrectly uses sprintf() directly on a user-space pointer, causing a page fault and kernel crash. Systems using the qedi driver with debugfs enabled are affected.
💻 Affected Systems
- Linux kernel with qedi driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially causing data loss or service disruption.
Likely Case
Local denial of service through kernel crash when accessing debugfs attributes.
If Mitigated
No impact if debugfs is disabled or the qedi module is not loaded.
🎯 Exploit Status
Exploitation requires local access to debugfs interface. The crash is triggered by reading specific debugfs files.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 144d76a676b630e321556965011b00e2de0b40a7, 21c963de2e86e88f6a8ca556bcebb8e62ab8e901, 28027ec8e32ecbadcd67623edb290dad61e735b5, 397a8990c377ee4b61d6df768e61dff9e316d46b, 56bec63a7fc87ad50b3373a87517dc9770eef9e0
Vendor Advisory: https://git.kernel.org/stable/c/144d76a676b630e321556965011b00e2de0b40a7
Restart Required: Yes
Instructions:
1. Update to a kernel version containing the fix commits. 2. Check your distribution's security advisories for specific patched versions. 3. Reboot after kernel update.
🔧 Temporary Workarounds
Disable debugfs
linuxUnmount debugfs filesystem to prevent access to vulnerable interface
umount /sys/kernel/debug
Unload qedi module
linuxRemove the vulnerable driver if not needed
modprobe -r qedi
🧯 If You Can't Patch
- Restrict debugfs access to root only using mount options
- Implement strict access controls on /sys/kernel/debug directory
🔍 How to Verify
Check if Vulnerable:
Check if qedi module is loaded: lsmod | grep qedi. Check kernel version against patched versions.Check Version:
uname -rVerify Fix Applied:
Verify kernel version includes fix commits. Test reading debugfs qedi attributes doesn't crash.📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs mentioning qedi_dbg_do_not_recover_cmd_read
- Page fault errors in kernel logs with qedi references
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("qedi" OR "page fault" OR "Oops")🔗 References
- https://git.kernel.org/stable/c/144d76a676b630e321556965011b00e2de0b40a7
- https://git.kernel.org/stable/c/21c963de2e86e88f6a8ca556bcebb8e62ab8e901
- https://git.kernel.org/stable/c/28027ec8e32ecbadcd67623edb290dad61e735b5
- https://git.kernel.org/stable/c/397a8990c377ee4b61d6df768e61dff9e316d46b
- https://git.kernel.org/stable/c/56bec63a7fc87ad50b3373a87517dc9770eef9e0
- https://git.kernel.org/stable/c/e2f433ea7d0ff77998766a088a287337fb43ad75
- https://git.kernel.org/stable/c/eaddb86637669f6bad89245ee63f8fb2bfb50241
- https://git.kernel.org/stable/c/fa85b016a56b9775a3fe41e5d26e666945963b46
- https://git.kernel.org/stable/c/144d76a676b630e321556965011b00e2de0b40a7
- https://git.kernel.org/stable/c/21c963de2e86e88f6a8ca556bcebb8e62ab8e901
- https://git.kernel.org/stable/c/28027ec8e32ecbadcd67623edb290dad61e735b5
- https://git.kernel.org/stable/c/397a8990c377ee4b61d6df768e61dff9e316d46b
- https://git.kernel.org/stable/c/56bec63a7fc87ad50b3373a87517dc9770eef9e0
- https://git.kernel.org/stable/c/e2f433ea7d0ff77998766a088a287337fb43ad75
- https://git.kernel.org/stable/c/eaddb86637669f6bad89245ee63f8fb2bfb50241
- https://git.kernel.org/stable/c/fa85b016a56b9775a3fe41e5d26e666945963b46
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
