CVE-2024-45013
📋 TL;DR
A use-after-free vulnerability in the Linux kernel's NVMe driver allows kernel memory corruption when NVMe controller initialization fails. This affects Linux systems using NVMe storage devices. Attackers could potentially cause kernel panics or achieve local privilege escalation.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Local privilege escalation leading to full system compromise via kernel memory corruption.
Likely Case
Kernel panic causing system crash and denial of service when NVMe driver fails to initialize properly.
If Mitigated
System remains stable if NVMe controller initialization succeeds normally.
🎯 Exploit Status
Requires local access and ability to trigger NVMe controller initialization failure.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions with commits 4101af98ab573554c4225e328d506fec2a74bc54 or a54a93d0e3599b05856971734e15418ac551a14c
Vendor Advisory: https://git.kernel.org/stable/c/4101af98ab573554c4225e328d506fec2a74bc54
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version. 2. Check kernel version with 'uname -r'. 3. Reboot system after kernel update.
🔧 Temporary Workarounds
Disable NVMe keep-alive
linuxPrevent keep-alive work from being scheduled by disabling NVMe keep-alive feature
echo 0 > /sys/module/nvme_core/parameters/keep_alive_tmo
🧯 If You Can't Patch
- Avoid NVMe storage devices or use alternative storage controllers
- Monitor system logs for NVMe initialization failures and restart affected systems
🔍 How to Verify
Check if Vulnerable:
Check kernel version and verify if it includes vulnerable NVMe driver commit 4733b65d82bd without the fix commitsCheck Version:
uname -rVerify Fix Applied:
Verify kernel version includes either fix commit 4101af98ab573554c4225e328d506fec2a74bc54 or a54a93d0e3599b05856971734e15418ac551a14c📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages related to NVMe driver
- Use-after-free warnings in kernel logs
- NVMe controller initialization failure logs
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("nvme" AND ("panic" OR "use-after-free" OR "controller init failed"))