CVE-2024-46763
📋 TL;DR
A NULL pointer dereference vulnerability in the Linux kernel's FOU (Foo over UDP) implementation allows denial of service through kernel panic when shutting down network namespaces or tearing down tunnels. This affects Linux systems using FOU tunnels, primarily in containerized or virtualized environments where network namespaces are frequently created/destroyed.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially disrupting all services on the affected host.
Likely Case
System crash during network namespace teardown or tunnel shutdown operations, causing temporary service disruption until system reboot.
If Mitigated
No impact if FOU tunnels are not used or if systems are patched with proper NULL pointer checks.
🎯 Exploit Status
Exploitation requires ability to trigger FOU tunnel teardown or network namespace dismantle, typically requiring privileged access or specific container orchestration operations.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 1df42be305fe478ded1ee0c1d775f4ece713483b, 231c235d2f7a66f018f172e26ffd47c363f244ef, 4494bccb52ffda22ce5a1163a776d970e6229e08, 7e4196935069947d8b70b09c1660b67b067e75cb, c46cd6aaca81040deaea3500ba75126963294bd9
Vendor Advisory: https://git.kernel.org/stable/c/1df42be305fe478ded1ee0c1d775f4ece713483b
Restart Required: Yes
Instructions:
1. Update the Linux kernel to a version containing the fix commits.
2. Check with your distribution vendor for backported patches.
3. Reboot the system after the kernel update.
🔧 Temporary Workarounds
Disable FOU tunnels
Prevent use of FOU tunnels, which eliminates the vulnerability vector:
# Remove FOU module if loaded
sudo rmmod fou
# Blacklist FOU module
echo 'blacklist fou' | sudo tee /etc/modprobe.d/blacklist-fou.conf
🧯 If You Can't Patch
- Avoid using FOU tunnels in production environments
- Minimize network namespace creation/destruction operations on systems with FOU configured
🔍 How to Verify
Check if Vulnerable:
Check whether the FOU module is loaded and whether the running kernel version is vulnerable:
lsmod | grep fou && uname -r
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version includes fix commits or check with distribution vendor for patch status
📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs mentioning 'NULL pointer dereference' in fou_gro_receive
- System crash/reboot logs during network operations
Network Indicators:
- Unexpected system crashes during container/virtual machine network operations
SIEM Query:
event_type:kernel_panic AND message:"NULL pointer dereference" AND (message:"fou_gro_receive" OR module:fou)
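The flat SIEM query above matches every NULL-pointer oops on a host. The following added example (not part of this advisory or of the kernel project) correlates the "BUG: kernel NULL pointer dereference" line of an oops with the RIP and Call Trace lines that follow it, reporting only oopses whose frames name fou_gro_receive or the fou module. The dmesg excerpt is constructed; it assumes the standard dmesg timestamp and "[module]" frame-suffix format.

```python
import re
from typing import List, Dict

# Constructed sample dmesg excerpt (not a real capture): one oops faulting in
# fou_gro_receive, and one unrelated NULL dereference that must not be reported.
SAMPLE_DMESG = """\
[  512.100001] BUG: kernel NULL pointer dereference, address: 0000000000000010
[  512.100002] #PF: supervisor read access in kernel mode
[  512.100003] Oops: 0000 [#1] PREEMPT SMP NOPTI
[  512.100004] CPU: 2 PID: 0 Comm: swapper/2 Not tainted 6.1.0-example #1
[  512.100005] RIP: 0010:fou_gro_receive+0x1c/0x1f0 [fou]
[  512.100006] Call Trace:
[  512.100007]  udp_gro_receive+0x2a0/0x3d0
[  512.100008]  dev_gro_receive+0x2f8/0x6b0
[  900.200001] BUG: kernel NULL pointer dereference, address: 0000000000000000
[  900.200002] RIP: 0010:example_unrelated_fn+0x10/0x80 [example]
"""

OOPS_START = re.compile(r"BUG: kernel NULL pointer dereference")
FOU_FRAME = re.compile(r"\bfou_gro_receive\b|\[fou\]")  # symbol or module tag
TS = re.compile(r"^\[\s*([0-9.]+)\]")                   # dmesg timestamp
WINDOW = 40  # lines of oops output to inspect after the BUG: line


def find_fou_oops(lines: List[str], window: int = WINDOW) -> List[Dict[str, str]]:
    """Return one finding per NULL-pointer oops whose frames mention FOU."""
    findings = []
    for i, line in enumerate(lines):
        if not OOPS_START.search(line):
            continue
        for follow in lines[i + 1 : i + 1 + window]:
            if OOPS_START.search(follow):
                break  # the next oops begins; stop scanning this one
            if FOU_FRAME.search(follow):
                m = TS.match(line)
                findings.append({"timestamp": m.group(1) if m else "",
                                 "frame": follow.split("] ", 1)[-1].strip()})
                break
    return findings


if __name__ == "__main__":
    for f in find_fou_oops(SAMPLE_DMESG.splitlines()):
        print(f"FOU NULL-pointer oops at t={f['timestamp']}s: {f['frame']}")
```

Feed it `dmesg` or `journalctl -k` output line by line; a hit is a reason to check whether the host runs FOU tunnels on an unpatched kernel.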
🔗 References
- https://git.kernel.org/stable/c/1df42be305fe478ded1ee0c1d775f4ece713483b
- https://git.kernel.org/stable/c/231c235d2f7a66f018f172e26ffd47c363f244ef
- https://git.kernel.org/stable/c/4494bccb52ffda22ce5a1163a776d970e6229e08
- https://git.kernel.org/stable/c/7e4196935069947d8b70b09c1660b67b067e75cb
- https://git.kernel.org/stable/c/c46cd6aaca81040deaea3500ba75126963294bd9
- https://git.kernel.org/stable/c/d7567f098f54cb53ee3cee1c82e3d0ed9698b6b3
- https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html