CVE-2024-43836
📋 TL;DR
This CVE describes a null pointer dereference vulnerability in the Linux kernel's ethtool PSE-PD subsystem. When a Power Sourcing Equipment (PSE) supports both c33 (IEEE 802.3 Clause 33) and PoDL (Power over Data Line), but only one of the netlink attributes is specified during configuration, the kernel may dereference a null pointer, potentially causing a kernel panic or system crash. This affects Linux systems with vulnerable kernel versions that use ethtool for network interface configuration.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially requiring physical or remote console access to reboot the system.
Likely Case
System crash or kernel panic when configuring PSE settings via ethtool, resulting in temporary denial of service until system reboot.
If Mitigated
No impact if the vulnerable code path is not triggered through ethtool configuration operations.
🎯 Exploit Status
Exploitation requires local access with CAP_NET_ADMIN capabilities or root privileges to execute ethtool commands. The vulnerability is triggered during specific configuration operations.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patches available in stable kernel trees via commits 4cddb0f15ea9c62f81b4889ea69a99368cc63a86 and e187690b125a297499eadeec53c32c5ed6d7436a
Vendor Advisory: https://git.kernel.org/stable/c/4cddb0f15ea9c62f81b4889ea69a99368cc63a86
Restart Required: Yes
Instructions:
1. Update the Linux kernel to a version containing the fix commits.
2. Check with your distribution vendor for specific patched kernel versions.
3. Reboot the system after the kernel update.
🔧 Temporary Workarounds
Restrict ethtool access
Limit access to the ethtool command to prevent triggering the vulnerability
chmod 750 /sbin/ethtool
setcap -r /sbin/ethtool
Remove CAP_NET_ADMIN from non-essential users
Avoid PSE configuration
Do not configure PSE settings via ethtool until patched
Avoid using 'ethtool --set-pse' commands
🧯 If You Can't Patch
- Restrict user access to ethtool binary and remove CAP_NET_ADMIN capabilities from non-essential users
- Implement monitoring for ethtool usage and system crashes, with alerting for potential exploitation attempts
🔍 How to Verify
Check if Vulnerable:
Check the running kernel version with 'uname -r', then verify with your distribution vendor whether that build contains the fix commits
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version is updated and test ethtool PSE configuration functionality
📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs in /var/log/messages or journalctl
- System crash/reboot events
- ethtool command execution in audit logs
Network Indicators:
- None - this is a local vulnerability
SIEM Query:
Search for: 'kernel panic', 'Oops', 'ethtool', 'PSE' in system logs
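The log search above, worked through as an added example (not part of the advisory or of the kernel project): it groups kernel log lines into crash reports and flags those that involve ethtool or a PSE function. The sample log is constructed, and the `ethnl_set_pse` frame in it is an assumption about what a crash in this code path would show.

```python
import re

# Constructed kernel log excerpt, not from a real system. The ethnl_set_pse
# frame is an assumption about what a crash in the PSE set path would show.
SAMPLE_LOG = """\
Jul 30 10:02:11 sw1 kernel: BUG: kernel NULL pointer dereference, address: 0000000000000004
Jul 30 10:02:11 sw1 kernel: Oops: 0000 [#1] PREEMPT SMP
Jul 30 10:02:11 sw1 kernel: CPU: 1 PID: 4242 Comm: ethtool Not tainted
Jul 30 10:02:11 sw1 kernel: RIP: 0010:ethnl_set_pse+0x3c/0x90
Jul 30 10:02:11 sw1 kernel: ---[ end trace 0000000000000000 ]---
Jul 30 11:15:40 sw1 kernel: BUG: kernel NULL pointer dereference, address: 0000000000000010
Jul 30 11:15:40 sw1 kernel: Oops: 0002 [#2] PREEMPT SMP
Jul 30 11:15:40 sw1 kernel: CPU: 0 PID: 977 Comm: kworker/0:1 Not tainted
Jul 30 11:15:40 sw1 kernel: RIP: 0010:example_driver_poll+0x1a/0x40
Jul 30 11:15:40 sw1 kernel: ---[ end trace 0000000000000000 ]---
"""

START = re.compile(r"BUG: kernel NULL pointer dereference|Oops:|Kernel panic")
END = re.compile(r"---\[ end trace")
COMM = re.compile(r"\bComm: (\S+)")
FRAME = re.compile(r"\b([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")
PSE_TOKEN = re.compile(r"(?:^|_)pse(?:_|$)")  # whole token, so "collapse_x" is ignored

def split_reports(text):
    """Group lines into crash reports, from a start marker to 'end trace'."""
    reports, current = [], None
    for line in text.splitlines():
        if current is None and START.search(line):
            current = []
        if current is not None:
            current.append(line)
            if END.search(line):
                reports.append(current)
                current = None
    if current:  # report cut short, e.g. the host rebooted mid-write
        reports.append(current)
    return reports

def triage(report):
    """Flag a report whose trace has a PSE frame or whose task was ethtool."""
    body = "\n".join(report)
    comm = COMM.search(body)
    task = comm.group(1) if comm else None
    pse_frames = [f for f in FRAME.findall(body) if PSE_TOKEN.search(f)]
    # The trace frame is the stronger signal: it does not depend on task name.
    return {"comm": task, "pse_frames": pse_frames,
            "suspect": bool(pse_frames) or task == "ethtool"}

def scan(text):
    return [triage(r) for r in split_reports(text)]
```

Feed `scan()` the text of `journalctl -k` or /var/log/messages and alert on entries where `suspect` is true.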