CVE-2024-45021
📋 TL;DR
This CVE describes a NULL pointer dereference vulnerability in the Linux kernel's memory controller (memcg) event control interface. An attacker with local user access can trigger a kernel oops (crash) by writing malformed data to the memcg event control file. This affects Linux systems with memory cgroups enabled.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Local denial of service causing kernel panic and system crash, potentially leading to data loss or service disruption.
Likely Case
Local denial of service causing kernel oops and temporary system instability, requiring reboot to restore normal operation.
If Mitigated
Minimal impact if proper access controls restrict write access to memcg event control files to privileged users only.
🎯 Exploit Status
Exploitation requires local user access and ability to write to memcg event control files. The vulnerability is straightforward to trigger with crafted input.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patches available in stable kernel trees (commits referenced in CVE). Specific kernel version numbers depend on distribution backports.
Vendor Advisory: https://git.kernel.org/stable/c/046667c4d3196938e992fba0dfcde570aa85cd0e
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution's repositories. 2. For custom kernels, apply commits from stable kernel tree. 3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Restrict memcg event control access
linuxLimit write access to memcg event control files to root only
chmod 600 /sys/fs/cgroup/memory/*/memory.pressure_level
chown root:root /sys/fs/cgroup/memory/*/memory.pressure_level
Disable memory cgroups
linuxRemove memory cgroup support if not required (not recommended for production)
Add 'cgroup_disable=memory' to kernel boot parameters
🧯 If You Can't Patch
- Implement strict access controls on /sys/fs/cgroup/memory directories
- Monitor system logs for kernel oops messages and investigate any local user triggering them
🔍 How to Verify
Check if Vulnerable:
Check kernel version and compare with distribution's patched versions. Vulnerable if using unpatched kernel with memory cgroups enabled.Check Version:
uname -rVerify Fix Applied:
Verify kernel version after update matches patched version from vendor advisory. Check that /sys/fs/cgroup/memory exists and system remains stable.📡 Detection & Monitoring
Log Indicators:
- Kernel oops messages in /var/log/kern.log or dmesg output
- Unexpected system crashes or reboots
Network Indicators:
- None - local exploitation only
SIEM Query:
source="kern.log" AND "Oops" AND "memcg" OR source="dmesg" AND "general protection fault"🔗 References
- https://git.kernel.org/stable/c/046667c4d3196938e992fba0dfcde570aa85cd0e
- https://git.kernel.org/stable/c/0fbe2a72e853a1052abe9bc2b7df8ddb102da227
- https://git.kernel.org/stable/c/1b37ec85ad95b612307627758c6018cd9d92cca8
- https://git.kernel.org/stable/c/21b578f1d599edb87462f11113c5b0fc7a04ac61
- https://git.kernel.org/stable/c/43768fa80fd192558737e24ed6548f74554611d7
- https://git.kernel.org/stable/c/ad149f5585345e383baa65f1539d816cd715fd3b
- https://git.kernel.org/stable/c/f1aa7c509aa766080db7ab3aec2e31b1df09e57c
- https://git.kernel.org/stable/c/fa5bfdf6cb5846a00e712d630a43e3cf55ccb411
- https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
