CVE-2024-46766
📋 TL;DR
This CVE describes a kernel memory corruption vulnerability in the Intel Ethernet Controller (ice) driver for Linux. It allows out-of-bounds writes when handling network queue assignments, potentially leading to kernel crashes or privilege escalation. Systems using affected Intel network hardware with vulnerable kernel versions are affected.
💻 Affected Systems
- Linux kernel with Intel Ethernet Controller (ice) driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash, or potential privilege escalation to root via kernel memory corruption.
Likely Case
System instability, kernel crashes, or denial of service during network interface operations.
If Mitigated
Minor performance impact from proper locking, no security impact.
🎯 Exploit Status
Exploitation requires ability to trigger network interface operations (like resets or interface management). The KASAN trace shows the bug was discovered during testing.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patches available in kernel commits 2285c2faef19ee08a6bd6754f4c3ec07dceb2889 and 2a5dc090b92cfa5270e20056074241c6db5c9cdd
Vendor Advisory: https://git.kernel.org/stable/c/2285c2faef19ee08a6bd6754f4c3ec07dceb2889
Restart Required: Yes
Instructions:
1. Update to a kernel version containing the fix commits.
2. Rebuild kernel if compiling from source.
3. Reboot system to load patched kernel.
🔧 Temporary Workarounds
Disable XDP on ice interfaces
Prevent XDP queue inclusion that triggers the out-of-bounds write
ip link set dev <interface> xdp off
Avoid network interface resets
Prevent triggering the vulnerable code path during VSI rebuild
🧯 If You Can't Patch
- Restrict access to network interface management operations to privileged users only
- Monitor for kernel panic logs related to ice driver or KASAN out-of-bounds write reports
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if ice driver is loaded: 'uname -r' and 'lsmod | grep ice'
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version is newer than vulnerable versions and check for presence of fix commits in kernel source
📡 Detection & Monitoring
Log Indicators:
- KASAN: slab-out-of-bounds in netif_queue_set_napi
- BUG: kernel NULL pointer dereference in ice driver
- kernel panic with ice module in backtrace
Network Indicators:
- Unexpected network interface resets or disconnections
SIEM Query:
source="kernel" AND ("KASAN: slab-out-of-bounds" OR "ice_vsi" OR "netif_queue_set_napi")
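Added example (not part of the original advisory): a shell triage of kernel log text for the log indicators listed above, run here over constructed sample lines. The function names, the sample log and the 40-line look-ahead window are assumptions of this example.

```shell
#!/bin/sh
# Triage kernel log text for the ice / netif_queue_set_napi indicators.

# Constructed sample lines (not captured from a real system).
sample_log() {
cat <<'EOF'
[  101.000001] ice 0000:18:00.0 eth0: NIC Link is up 25 Gbps
[  245.120004] BUG: KASAN: slab-out-of-bounds in netif_queue_set_napi+0x10/0x20
[  245.120020] Write of size 8 at addr ffff888000000000 by task kworker/0:1/42
[  245.120100]  ice_vsi_rebuild+0x10/0x20 [ice]
[  300.000000] BUG: KASAN: slab-out-of-bounds in some_other_func+0x10/0x20
[  410.500000] BUG: kernel NULL pointer dereference, address: 0000000000000000
[  410.500050] Modules linked in: ice(E) nfsd(E)
[  520.000000] BUG: kernel NULL pointer dereference, address: 0000000000000000
[  520.000050] Modules linked in: e1000e(E) service_mod(E)
EOF
}

# Count KASAN out-of-bounds reports that name netif_queue_set_napi.
# Reports in unrelated functions are deliberately not counted.
count_kasan_oob() {
    grep -c 'KASAN: slab-out-of-bounds in netif_queue_set_napi' || true
}

# Count NULL-dereference oopses whose following lines (up to "window")
# mention the ice module, as an "[ice]" frame or in "Modules linked in:".
# Module names that merely contain "ice" (e.g. service_mod) do not match.
count_ice_null_deref() {
    awk -v window=40 '
        /BUG: kernel NULL pointer dereference/ { left = window; next }
        left > 0 {
            left--
            if ($0 ~ /\[ice\]/ || $0 ~ /Modules linked in:.* ice([ (]|$)/) {
                hits++
                left = 0
            }
        }
        END { print hits + 0 }
    '
}

# Live use (needs permission to read the kernel log):
#   dmesg | count_kasan_oob
#   journalctl -k --no-pager | count_ice_null_deref
echo "kasan_oob=$(sample_log | count_kasan_oob)" \
     "ice_null_deref=$(sample_log | count_ice_null_deref)"
```

A non-zero `kasan_oob` count only appears on kernels built with KASAN; production kernels usually surface the bug as an oops or panic instead, which is what the second counter looks for.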