CVE-2024-46761
📋 TL;DR
A NULL pointer dereference vulnerability in the Linux kernel's PowerNV PCI hotplug driver causes a kernel crash when hot-unplugging PCIe devices on PowerPC systems. This affects Linux systems running on IBM PowerNV platforms with PCI hotplug functionality enabled. The vulnerability allows local attackers with sufficient privileges to crash the system.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
A local user with sufficient privileges triggers a kernel panic, causing a complete system crash and denial of service, potentially leading to data corruption or loss.
Likely Case
System crash and denial of service when privileged users or processes attempt to hot-unplug PCIe devices on affected PowerNV systems.
If Mitigated
Minimal impact if systems don't use PowerNV PCI hotplug functionality or if users lack privileges to trigger the hot-unplug operation.
🎯 Exploit Status
Exploitation requires local access and privileges to perform PCI hot-unplug operations on PowerNV systems.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patches available in stable kernel trees (see references)
Vendor Advisory: https://git.kernel.org/stable/c/335e35b748527f0c06ded9eebb65387f60647fda
Restart Required: Yes
Instructions:
1. Update to a patched kernel version from your distribution vendor.
2. For custom kernels, apply the patch from kernel.org stable trees.
3. Rebuild and install the kernel.
4. Reboot the system.
🔧 Temporary Workarounds
Disable PCI hotplug on PowerNV
Prevent the vulnerable code path by disabling PCI hotplug functionality:
echo 'blacklist pnv_php' > /etc/modprobe.d/disable-pnv-php.conf
update-initramfs -u
reboot
Restrict PCI device management
Limit user privileges to prevent triggering the hot-unplug operation:
Use sudoers or capabilities to restrict access to PCI device management commands
🧯 If You Can't Patch
- Restrict local access to systems and limit user privileges
- Monitor for kernel panic events and implement high availability/failover for critical systems
🔍 How to Verify
Check if Vulnerable:
Check whether the system is running on the PowerNV platform with the pnv_php module loaded: 'uname -m' shows ppc64le AND 'lsmod | grep pnv_php' returns the module.
Check Version:
uname -r
Verify Fix Applied:
Check kernel version against patched versions from your distribution vendor or verify the patch is applied in kernel source
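The checks above as a script, extended to also flag a driver compiled into the kernel, which lsmod does not list and a modprobe blacklist does not disable. This is an added example, not part of the advisory or the kernel project; the function name, the result labels and the pnv-php.ko path pattern matched in modules.builtin are assumptions.

```shell
#!/bin/sh
# Classify exposure to the pnv_php hot-unplug crash from three facts:
# CPU architecture, loaded modules, and drivers built into the kernel.
# Arguments default to the live system; pass files to test off-box.
pnv_php_exposure() {
    arch=${1:-$(uname -m)}
    modules=${2:-/proc/modules}
    builtin=${3:-/lib/modules/$(uname -r)/modules.builtin}

    case "$arch" in
        ppc64|ppc64le) ;;                       # PowerPC: keep checking
        *) echo "not-applicable"; return 0 ;;   # driver is PowerNV-only
    esac

    # /proc/modules puts the module name first on each line.
    if [ -r "$modules" ] && grep -q '^pnv_php ' "$modules"; then
        echo "loaded-module"    # the blacklist workaround applies here
    # Assumed path pattern for a built-in driver entry (dash or underscore).
    elif [ -r "$builtin" ] && grep -Eq '/pnv[-_]php\.ko' "$builtin"; then
        echo "built-in"         # blacklisting has no effect; patch instead
    else
        echo "not-loaded"       # may still exist on disk and load later
    fi
}

pnv_php_exposure "$@"
```

A result of "built-in" means the temporary blacklist workaround does not remove the code path and only a patched kernel does.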
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages in /var/log/kern.log or dmesg
- NULL pointer dereference errors mentioning pnv_php or PCI hotplug
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("NULL pointer dereference" OR "kernel panic") AND ("pnv_php" OR "PCI hotplug")
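A per-line match like the query above misses a crash whose driver name is logged on a later line than the oops header. The added example below (not from the advisory) correlates the two within a window of lines and matches case-insensitively; the function names and the log lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample kernel log lines (not captured from a real crash).
sample_log() {
    cat <<'EOF'
Jan 10 10:00:01 host kernel: constructed: unrelated PCI message
Jan 10 10:00:02 host kernel: BUG: Kernel NULL pointer dereference (constructed)
Jan 10 10:00:02 host kernel: Modules linked in: pnv_php nvme
Jan 10 10:05:00 host kernel: BUG: Kernel NULL pointer dereference (constructed)
Jan 10 10:05:00 host kernel: Modules linked in: nvme
EOF
}

# Count oops/panic headers that are followed, within WINDOW lines, by a
# mention of pnv_php or PCI hotplug. Reads the log on stdin.
# WINDOW defaults to 20; WINDOW=0 reproduces a same-line-only match.
pnv_php_oops_hits() {
    awk -v w="${1:-20}" '
        { l = tolower($0) }                     # case-insensitive matching
        l ~ /null pointer dereference|kernel panic/ { start = NR }
        start && NR - start <= w && l ~ /pnv_php|pci hotplug/ {
            hits++; start = 0                   # count each crash once
        }
        END { print hits + 0 }
    '
}

sample_log | pnv_php_oops_hits      # run against the constructed sample
```

On a live host the same function can read `journalctl -k` or `dmesg` output on stdin.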
🔗 References
- https://git.kernel.org/stable/c/335e35b748527f0c06ded9eebb65387f60647fda
- https://git.kernel.org/stable/c/438d522227374042b5c8798f8ce83bbe479dca4d
- https://git.kernel.org/stable/c/4eb4085c1346d19d4a05c55246eb93e74e671048
- https://git.kernel.org/stable/c/b82d4d5c736f4fd2ed224c35f554f50d1953d21e
- https://git.kernel.org/stable/c/bc1faed19db95abf0933b104910a3fb01b138f59
- https://git.kernel.org/stable/c/bfc44075b19740d372f989f21dd03168bfda0689
- https://git.kernel.org/stable/c/c0d8094dc740cfacf3775bbc6a1c4720459e8de4
- https://git.kernel.org/stable/c/c4c681999d385e28f84808bbf3a85ea8e982da55
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html