CVE-2024-42271
📋 TL;DR
This CVE describes a use-after-free vulnerability in the Linux kernel's IUCV (Inter-User Communication Vehicle) networking subsystem. The flaw occurs when iucv_sock_close() attempts to use a network path that has already been freed by iucv_callback_connrej() in tasklet context, potentially leading to kernel panic. This affects Linux systems using the af_iucv module, particularly those with IUCV networking enabled.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially causing data loss or service disruption.
Likely Case
System crash or instability when IUCV connections are closed under specific timing conditions.
If Mitigated
No impact if IUCV is not used or the system is patched.
🎯 Exploit Status
Exploitation requires triggering the race condition between process context and tasklet context during IUCV connection closure.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patches available in stable kernel trees via the provided git commit references.
Vendor Advisory: https://git.kernel.org/stable/c/01437282fd3904810603f3dc98d2cac6b8b6fc84
Restart Required: Yes
Instructions:
1. Update Linux kernel to a version containing the fix commits. 2. For distributions: Use vendor-provided kernel updates. 3. Reboot system after kernel update.
🔧 Temporary Workarounds
Unload af_iucv module
linuxPrevent vulnerability by unloading the affected kernel module if IUCV functionality is not required.
sudo rmmod af_iucv
Blacklist af_iucv module
linuxPrevent af_iucv module from loading automatically.
echo 'blacklist af_iucv' | sudo tee /etc/modprobe.d/blacklist-af_iucv.conf
🧯 If You Can't Patch
- Ensure IUCV networking is not used if not required for system functionality.
- Monitor systems for kernel panic events and have recovery procedures ready.
🔍 How to Verify
Check if Vulnerable:
Check if af_iucv module is loaded: lsmod | grep af_iucv. If loaded and kernel is unpatched, system may be vulnerable.Check Version:
uname -rVerify Fix Applied:
Check kernel version against patched versions or verify the fix commit is present in kernel source.📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages mentioning iucv_sock_close, iucv_path_sever, or af_iucv
- System crash/reboot events
Network Indicators:
- Unusual IUCV connection failures or disruptions
SIEM Query:
event_source="kernel" AND (message CONTAINS "iucv" OR message CONTAINS "af_iucv") AND (message CONTAINS "panic" OR message CONTAINS "Oops")🔗 References
- https://git.kernel.org/stable/c/01437282fd3904810603f3dc98d2cac6b8b6fc84
- https://git.kernel.org/stable/c/37652fbef9809411cea55ea5fa1a170e299efcd0
- https://git.kernel.org/stable/c/69620522c48ce8215e5eb55ffbab8cafee8f407d
- https://git.kernel.org/stable/c/84f40b46787ecb67c7ad08a5bb1376141fa10c01
- https://git.kernel.org/stable/c/8b424c9e44111c5a76f41c6b741f8d4c4179d876
- https://git.kernel.org/stable/c/ac758e1f663fe9bc64f6b47212a2aa18697524f5
- https://git.kernel.org/stable/c/c65f72eec60a34ace031426e04e9aff8e5f04895
- https://git.kernel.org/stable/c/f558120cd709682b739207b48cf7479fd9568431
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
