CVE-2024-42286
📋 TL;DR
A NULL pointer dereference vulnerability in the Linux kernel's QLogic Fibre Channel driver (qla2xxx) can cause kernel crashes when NVMe over Fabrics registration fails. This affects systems using QLogic FC HBAs with NVMe functionality. The vulnerability requires local access to trigger.
💻 Affected Systems
- Linux kernel with qla2xxx driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially causing data loss or service disruption.
Likely Case
System crash during driver initialization or FC port registration, requiring reboot to restore functionality.
If Mitigated
Minimal impact with proper kernel hardening and crash recovery mechanisms in place.
🎯 Exploit Status
Exploitation requires ability to trigger driver failure conditions, typically through local access or misconfiguration.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits: 3eac973eb5cb2b874b3918f924798afc5affd46b, 549aac9655320c9b245a24271b204668c5d40430, 7cec2c3bfe84539c415f5e16f989228eba1d2f1e, a3ab508a4853a9f5ae25a7816a4889f09938f63c, cde43031df533751b4ead37d173922feee2f550f
Vendor Advisory: https://git.kernel.org/stable/c/3eac973eb5cb2b874b3918f924798afc5affd46b
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing fixes. 2. Reboot system. 3. Verify driver loads without errors.
🔧 Temporary Workarounds
Disable NVMe over Fabrics
linuxPrevent qla2xxx driver from using NVMe functionality
modprobe -r qla2xxx
modprobe qla2xxx ql2xnvmeenable=0
Blacklist qla2xxx driver
linuxPrevent loading of vulnerable driver module
echo 'blacklist qla2xxx' >> /etc/modprobe.d/blacklist.conf
🧯 If You Can't Patch
- Restrict local access to systems with QLogic FC HBAs
- Implement kernel crash recovery and monitoring for system stability
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if qla2xxx module is loaded: lsmod | grep qla2xxx && uname -rCheck Version:
uname -rVerify Fix Applied:
Verify kernel version is patched and driver loads without 'register_localport failed' errors in dmesg📡 Detection & Monitoring
Log Indicators:
- kernel: BUG: unable to handle kernel NULL pointer dereference
- qla2xxx: register_localport failed
- kernel panic related to qla2xxx or nvme_fc
Network Indicators:
- Unexpected FC port disconnections or registration failures
SIEM Query:
source="kernel" AND ("NULL pointer dereference" OR "qla2xxx" OR "register_localport failed")🔗 References
- https://git.kernel.org/stable/c/3eac973eb5cb2b874b3918f924798afc5affd46b
- https://git.kernel.org/stable/c/549aac9655320c9b245a24271b204668c5d40430
- https://git.kernel.org/stable/c/7cec2c3bfe84539c415f5e16f989228eba1d2f1e
- https://git.kernel.org/stable/c/a3ab508a4853a9f5ae25a7816a4889f09938f63c
- https://git.kernel.org/stable/c/cde43031df533751b4ead37d173922feee2f550f
- https://git.kernel.org/stable/c/e1f010844443c389bc552884ac5cfa47de34d54c
- https://git.kernel.org/stable/c/eb1d4ce2609584eeb7694866f34d4b213caa3af9
- https://git.kernel.org/stable/c/f6be298cc1042f24d521197af29c7c4eb95af4d5
- https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
