CVE-2024-42162
📋 TL;DR
This CVE describes an out-of-bounds read vulnerability in the Linux kernel's gve driver when reading NIC statistics. The vulnerability occurs when the driver fails to properly account for stopped queues, potentially accessing invalid memory locations. Systems using affected Linux kernel versions with the gve driver are affected.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic or system crash leading to denial of service, potentially allowing information disclosure through memory access.
Likely Case
System instability, kernel panic, or denial of service when reading network interface statistics via ethtool.
If Mitigated
Minor system instability that may cause temporary service interruption until system recovery.
🎯 Exploit Status
Exploitation requires ability to trigger statistics reading on affected network interfaces with the gve driver.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patches available in stable kernel branches via provided git commits
Vendor Advisory: https://git.kernel.org/stable/c/32675d828c8a392e20d5b42375ed112c407e4b62
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version. 2. Check if gve driver is in use. 3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable gve driver
linuxPrevent loading of the vulnerable gve driver module
echo 'blacklist gve' >> /etc/modprobe.d/blacklist.conf
rmmod gve
Restrict ethtool access
linuxLimit access to ethtool commands that trigger statistics reading
chmod 750 /sbin/ethtool
setcap cap_net_admin=ep /sbin/ethtool
🧯 If You Can't Patch
- Monitor systems for kernel panics or crashes related to network statistics
- Implement strict access controls to prevent unauthorized users from running ethtool commands
🔍 How to Verify
Check if Vulnerable:
Check if gve driver is loaded: lsmod | grep gve. Check kernel version against patched versions.Check Version:
uname -rVerify Fix Applied:
Verify kernel version includes patches: grep -i 'gve' /proc/version. Test ethtool statistics reading on gve interfaces.📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- OOPs (Out Of Panic) messages in /var/log/kern.log
- System crash reports
Network Indicators:
- Sudden loss of network connectivity on gve interfaces
- Unusual ethtool command patterns
SIEM Query:
source="kern.log" AND ("kernel panic" OR "Oops" OR "gve")