CVE-2024-42078
📋 TL;DR
A race condition in the Linux kernel's NFS server (nfsd) allows dereferencing an uninitialized mutex when creating new network namespaces, potentially causing kernel oops (crashes). This affects Linux systems running nfsd with network namespace functionality. The vulnerability requires local access to trigger.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially disrupting NFS services and affecting all users of the system.
Likely Case
Local denial of service through kernel oops when creating network namespaces with nfsd running, causing temporary service disruption.
If Mitigated
Minimal impact with proper access controls preventing local users from creating network namespaces.
🎯 Exploit Status
Requires local access and ability to create network namespaces. Race condition makes timing-dependent exploitation more complex.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patches available in stable kernel trees via commits 7e8b94045bc77ce4f085ddfb9eb04e5760e66169 and e0011bca603c101f2a3c007bdb77f7006fa78fb1
Vendor Advisory: https://git.kernel.org/stable/c/7e8b94045bc77ce4f085ddfb9eb04e5760e66169
Restart Required: Yes
Instructions:
1. Update to a patched kernel version from your distribution's repositories. 2. Reboot the system to load the new kernel. 3. Verify nfsd services restart properly.
🔧 Temporary Workarounds
Disable nfsd service
linuxStop and disable the NFS server if not required
systemctl stop nfs-server
systemctl disable nfs-server
Restrict network namespace creation
linuxLimit which users can create network namespaces using Linux capabilities
setcap cap_sys_admin=ep /usr/bin/unshare
echo 'kernel.unprivileged_userns_clone=0' >> /etc/sysctl.d/99-namespace.conf
sysctl -p /etc/sysctl.d/99-namespace.conf
🧯 If You Can't Patch
- Monitor for kernel oops messages in system logs
- Implement strict access controls to prevent unauthorized users from creating network namespaces
🔍 How to Verify
Check if Vulnerable:
Check if nfsd is running and kernel version is unpatched: 'systemctl status nfs-server' and 'uname -r'Check Version:
uname -rVerify Fix Applied:
Verify kernel version includes the fix commits and test nfsd functionality after patch📡 Detection & Monitoring
Log Indicators:
- Kernel oops messages in /var/log/kern.log or dmesg output
- NFS service crashes or restarts
Network Indicators:
- Unexpected NFS service interruptions
SIEM Query:
source="kernel" AND "Oops" AND "nfsd" OR source="systemd" AND "nfs-server" AND ("failed" OR "crash")