CVE-2024-42134
📋 TL;DR
A NULL pointer dereference vulnerability in the Linux kernel's virtio-pci driver allows local attackers to crash the guest system by triggering a kernel panic. This affects Linux systems using virtio-pci with legacy mode, particularly in virtualization environments like KVM/QEMU.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to complete system crash and denial of service, potentially causing data loss or service disruption.
Likely Case
Guest system crash when attaching virtio devices via virsh or similar management tools, resulting in temporary denial of service.
If Mitigated
No impact if patched or if vulnerable configurations are avoided.
🎯 Exploit Status
Exploitation requires ability to attach virtio devices to guest VMs, typically requiring hypervisor administrator privileges.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits 5e2024b0b9b3d5709e3f7e9b92951d7e29154106 and c8fae27d141a32a1624d0d0d5419d94252824498
Vendor Advisory: https://git.kernel.org/stable/c/5e2024b0b9b3d5709e3f7e9b92951d7e29154106
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution. 2. Reboot system to load new kernel. 3. Verify kernel version after reboot.
🔧 Temporary Workarounds
Avoid virtio-pci legacy mode
linuxUse modern virtio-pci mode instead of legacy mode where possible
Restrict virsh device attachment
linuxLimit who can attach virtio devices to guest VMs
🧯 If You Can't Patch
- Avoid attaching virtio devices to guest VMs using virsh or similar tools
- Monitor for kernel panic events and have recovery procedures ready
🔍 How to Verify
Check if Vulnerable:
Check if kernel version is before fix commits. Test by attempting to attach virtio device with virsh: 'virsh attach-device <domain> <device.xml>' and monitor for crash.Check Version:
uname -rVerify Fix Applied:
After patching, test virsh device attachment and verify system remains stable. Check kernel logs for NULL pointer dereference errors.📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- NULL pointer dereference errors in kernel logs
- System crash/reboot events
Network Indicators:
- Unusual virtio device attachment patterns
SIEM Query:
source="kernel" AND ("NULL pointer dereference" OR "kernel panic" OR "Oops") AND "virtio"