CVE-2024-42114
📋 TL;DR
CVE-2024-42114 is a Linux kernel vulnerability in the cfg80211 WiFi subsystem: an attacker can trigger a soft lockup (denial of service) by setting the NL80211_ATTR_TXQ_QUANTUM attribute to a large value (2^31). It affects systems using the Linux kernel's wireless networking stack, particularly those with WiFi interfaces configured via cfg80211.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Complete system soft lockup requiring hard reboot, causing extended denial of service on affected systems.
Likely Case
Local denial of service on WiFi functionality, potentially affecting network connectivity on the affected interface.
If Mitigated
No impact if the vulnerability is patched or if the system doesn't use cfg80211 WiFi configuration.
🎯 Exploit Status
Exploitation requires CAP_NET_ADMIN privileges or local access to send NL80211 commands. The vulnerability was discovered by syzbot fuzzing.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 33ac5a4eb3d4bea2146658f1b6d1fa86d62d2b22, 3fc06f6d142d2840735543216a60d0a8c345bdec, 80ac0cc9c0bef984e29637b1efa93d7214b42f53, 8a3ac7fb36962c34698f884bd697938054ff2afa, d1cba2ea8121e7fdbe1328cea782876b1dd80993
Vendor Advisory: https://git.kernel.org/stable/c/33ac5a4eb3d4bea2146658f1b6d1fa86d62d2b22
Restart Required: Yes
Instructions:
1. Update the Linux kernel to a version containing the fix commits.
2. Check your distribution's security advisories for specific patched kernel versions.
3. Reboot the system after the kernel update.
🔧 Temporary Workarounds
Restrict CAP_NET_ADMIN capabilities
Limit which users/processes have the CAP_NET_ADMIN capability to reduce attack surface.
# Use capabilities framework to restrict CAP_NET_ADMIN
# Example: setcap -r /path/to/binary
# Or use Linux Security Modules like SELinux/AppArmor
Disable WiFi interfaces if not needed
Turn off WiFi interfaces to prevent access to the vulnerable cfg80211 subsystem.
ip link set wlan0 down
# Or use rfkill: rfkill block wifi
🧯 If You Can't Patch
- Implement strict access controls to prevent unauthorized users from having CAP_NET_ADMIN capabilities.
- Monitor system logs for signs of soft lockups or unusual WiFi configuration attempts.
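To act on the access-control item above, it helps to know which running processes actually hold CAP_NET_ADMIN. The following is an added example, not part of the original advisory; the function names are hypothetical, and it relies only on the `CapEff:` field of `/proc/<pid>/status` and on CAP_NET_ADMIN being capability number 12.

```shell
#!/bin/sh
# Added example: list processes whose effective capability set contains
# CAP_NET_ADMIN (capability number 12 in linux/capability.h).
CAP_NET_ADMIN_BIT=12

# has_net_admin HEXMASK -> exit 0 if bit 12 is set in a CapEff-style mask.
has_net_admin() {
    case "$1" in
        ''|*[!0-9a-fA-F]*) return 1 ;;   # reject anything that is not hex
    esac
    [ $(( (0x$1 >> $CAP_NET_ADMIN_BIT) & 1 )) -eq 1 ]
}

# capeff_of FILE -> print the CapEff mask from a /proc/<pid>/status file.
capeff_of() {
    awk '$1 == "CapEff:" { print $2; exit }' "$1"
}

# list_net_admin_procs [PROCROOT] -> one "pid name" line per process that
# holds CAP_NET_ADMIN. PROCROOT defaults to /proc.
list_net_admin_procs() {
    root=${1:-/proc}
    for status in "$root"/[0-9]*/status; do
        [ -r "$status" ] || continue
        # A process may exit between the glob and the read; skip it.
        mask=$(capeff_of "$status" 2>/dev/null) || continue
        if has_net_admin "$mask"; then
            pid=${status%/status}
            pid=${pid##*/}
            name=$(awk '$1 == "Name:" { print $2; exit }' "$status")
            printf '%s %s\n' "$pid" "$name"
        fi
    done
}
```

Run `list_net_admin_procs` as root to see every process; file capabilities on binaries can be listed separately with `getcap -r /`.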
🔍 How to Verify
Check if Vulnerable:
Check the kernel version and verify whether it contains the fix commits. The system is vulnerable if it runs a kernel version from before the fixes were backported.
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version includes one of the fix commits: 33ac5a4eb3d4bea2146658f1b6d1fa86d62d2b22, 3fc06f6d142d2840735543216a60d0a8c345bdec, 80ac0cc9c0bef984e29637b1efa93d7214b42f53, 8a3ac7fb36962c34698f884bd697938054ff2afa, or d1cba2ea8121e7fdbe1328cea782876b1dd80993.
📡 Detection & Monitoring
Log Indicators:
- Kernel soft lockup messages in dmesg or syslog
- 'watchdog: BUG: soft lockup' errors
- Unusual WiFi configuration attempts via nl80211
Network Indicators:
- Sudden loss of WiFi connectivity
- Increased system load preceding connectivity loss
SIEM Query:
source="kernel" AND "soft lockup" AND ("cfg80211" OR "nl80211" OR "TXQ_QUANTUM")
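The kernel prints the watchdog line and the call trace as separate log lines, so a query that requires "soft lockup" and "cfg80211" in the same event can miss the correlation. The following added example (not part of the original advisory) scans a saved kernel log and reports soft lockups whose following lines mention cfg80211 or nl80211; the function names, the window size and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: correlate soft-lockup headers with WiFi-stack symbols
# that appear in the lines following them (the call trace).

# wifi_lockups FILE [WINDOW] -> print each "soft lockup" header line whose
# next WINDOW lines (default 40) mention cfg80211 or nl80211.
wifi_lockups() {
    awk -v win="${2:-40}" '
        /watchdog: BUG: soft lockup/ {
            hdr = $0          # remember the header, start a new window
            left = win
            next
        }
        left > 0 {
            left--
            if ($0 ~ /cfg80211|nl80211/) {
                print hdr     # report once per lockup
                left = 0
            }
        }
    ' "$1"
}

# sample_log -> constructed log lines (symbol names are made up) with one
# WiFi-related lockup and one unrelated lockup.
sample_log() {
cat <<'EOF'
[ 1201.004] watchdog: BUG: soft lockup - CPU#1 stuck for 23s! [kworker/u8:2:412]
[ 1201.005] Call Trace:
[ 1201.006]  cfg80211_example_frame+0x1a/0x40 [cfg80211]
[ 3320.110] watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [kworker/0:1:77]
[ 3320.111] Call Trace:
[ 3320.112]  ext4_example_frame+0x10/0x30
EOF
}
```

On a live system, save the log first (for example `dmesg > /tmp/k.log` or `journalctl -k > /tmp/k.log`) and pass that file to `wifi_lockups`.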
🔗 References
- https://git.kernel.org/stable/c/33ac5a4eb3d4bea2146658f1b6d1fa86d62d2b22
- https://git.kernel.org/stable/c/3fc06f6d142d2840735543216a60d0a8c345bdec
- https://git.kernel.org/stable/c/80ac0cc9c0bef984e29637b1efa93d7214b42f53
- https://git.kernel.org/stable/c/8a3ac7fb36962c34698f884bd697938054ff2afa
- https://git.kernel.org/stable/c/d1cba2ea8121e7fdbe1328cea782876b1dd80993
- https://git.kernel.org/stable/c/e87c2f098f52aa2fe20258a5bb1738d6a74e9ed7
- https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html