CVE-2024-46782
📋 TL;DR
A use-after-free vulnerability in the Linux kernel's ILA (Identifier Locator Addressing) subsystem allows an attacker to cause a kernel crash or potentially execute arbitrary code. The vulnerability occurs when network hooks are unregistered after freeing a rhashtable, leading to memory corruption. This affects Linux systems with ILA functionality enabled.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash, or potential privilege escalation to kernel-level code execution.
Likely Case
Kernel crash causing denial of service on affected systems.
If Mitigated
No impact if ILA functionality is disabled or systems are patched.
🎯 Exploit Status
Exploitation requires network access to trigger the ILA functionality. The vulnerability was discovered through syzkaller fuzzing.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions with commits 031ae72825cef43e4650140b800ad58bf7a6a466 or later
Vendor Advisory: https://git.kernel.org/stable/c/031ae72825cef43e4650140b800ad58bf7a6a466
Restart Required: Yes
Instructions:
1. Update to a patched kernel version from your distribution's repositories. 2. Reboot the system to load the new kernel.
🔧 Temporary Workarounds
Disable ILA functionality
linuxRemove or disable the ILA kernel module if not required.
modprobe -r ila
echo 'blacklist ila' >> /etc/modprobe.d/blacklist.conf
🧯 If You Can't Patch
- Disable ILA functionality if not required
- Implement network segmentation to limit access to systems with ILA enabled
🔍 How to Verify
Check if Vulnerable:
Check if ILA module is loaded: lsmod | grep ila. If loaded and kernel version is unpatched, system is vulnerable.Check Version:
uname -rVerify Fix Applied:
Check kernel version is patched: uname -r and verify against distribution security advisories.📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- KASAN use-after-free reports in dmesg
- System crashes
Network Indicators:
- Unusual ILA-related network traffic patterns
SIEM Query:
source="kernel" AND ("KASAN" OR "use-after-free" OR "ila")🔗 References
- https://git.kernel.org/stable/c/031ae72825cef43e4650140b800ad58bf7a6a466
- https://git.kernel.org/stable/c/18a5a16940464b301ea91bf5da3a324aedb347b2
- https://git.kernel.org/stable/c/43d34110882b97ba1ec66cc8234b18983efb9abf
- https://git.kernel.org/stable/c/47abd8adddbc0aecb8f231269ef659148d5dabe4
- https://git.kernel.org/stable/c/925c18a7cff93d8a4320d652351294ff7d0ac93c
- https://git.kernel.org/stable/c/93ee345ba349922834e6a9d1dadabaedcc12dce6
- https://git.kernel.org/stable/c/bda4d84ac0d5421b346faee720011f58bdb99673
- https://git.kernel.org/stable/c/dcaf4e2216824839d26727a15b638c6a677bd9fc
- https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
