CVE-2024-46676
📋 TL;DR
A division-by-zero vulnerability in the Linux kernel's NFC subsystem allows local attackers to cause a kernel panic (denial of service) by sending specially crafted Netlink messages. This affects systems with NFC hardware using the pn533 driver. The vulnerability requires local access or ability to send Netlink messages to the NFC subsystem.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially requiring physical reboot.
Likely Case
Local denial of service through kernel panic, disrupting NFC functionality and potentially affecting system stability.
If Mitigated
Minimal impact if proper access controls prevent unauthorized users from sending Netlink messages to the NFC subsystem.
🎯 Exploit Status
Exploitation requires ability to send NFC_CMD_START_POLL Netlink messages with im_protocols=1 and tm_protocols=0.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 56ad559cf6d87f250a8d203b555dfc3716afa946, 64513d0e546a1f19e390f7e5eba3872bfcbdacf5, 7535db0624a2dede374c42040808ad9a9101d723, 7ecd3dd4f8eecd3309432156ccfe24768e009ec4, 8ddaea033de051ed61b39f6b69ad54a411172b33
Vendor Advisory: https://git.kernel.org/stable/c/56ad559cf6d87f250a8d203b555dfc3716afa946
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits. 2. Check your distribution's security advisories for specific patched versions. 3. Reboot system after kernel update.
🔧 Temporary Workarounds
Disable NFC subsystem
linuxRemove or blacklist NFC modules to prevent access to vulnerable code path.
echo 'blacklist nfc' >> /etc/modprobe.d/blacklist-nfc.conf
rmmod nfc pn533
Restrict Netlink access
linuxUse SELinux/AppArmor or capabilities to restrict which users/processes can send NFC Netlink messages.
🧯 If You Can't Patch
- Disable NFC functionality if not required
- Implement strict access controls to prevent unauthorized users from interacting with NFC subsystem
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if NFC modules are loaded: 'lsmod | grep -E "(nfc|pn533)"' and 'uname -r'Check Version:
uname -rVerify Fix Applied:
Verify kernel version includes fix commits or is newer than vulnerable versions. Check distribution security advisories.📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- NFC subsystem errors
- Division by zero kernel oops
SIEM Query:
source="kernel" AND ("division by zero" OR "kernel panic" OR "nfc")🔗 References
- https://git.kernel.org/stable/c/56ad559cf6d87f250a8d203b555dfc3716afa946
- https://git.kernel.org/stable/c/64513d0e546a1f19e390f7e5eba3872bfcbdacf5
- https://git.kernel.org/stable/c/7535db0624a2dede374c42040808ad9a9101d723
- https://git.kernel.org/stable/c/7ecd3dd4f8eecd3309432156ccfe24768e009ec4
- https://git.kernel.org/stable/c/8ddaea033de051ed61b39f6b69ad54a411172b33
- https://git.kernel.org/stable/c/c5e05237444f32f6cfe5d907603a232c77a08b31
- https://git.kernel.org/stable/c/febccb39255f9df35527b88c953b2e0deae50e53
- https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
