CVE-2024-46800
📋 TL;DR
This CVE describes a use-after-free vulnerability in the Linux kernel's netem queuing discipline. When specific traffic control configurations are used, improper handling of stolen packets can lead to memory corruption, potentially allowing local privilege escalation or denial of service. Systems running affected Linux kernel versions with netem qdisc configurations are vulnerable.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Local privilege escalation to root, kernel panic causing system crash, or arbitrary code execution in kernel context.
Likely Case
Kernel panic leading to denial of service or system instability when specific traffic control rules are applied.
If Mitigated
No impact if netem qdisc is not configured or if systems are patched.
🎯 Exploit Status
Exploit requires local access and specific traffic control configuration. The CVE includes trigger commands that demonstrate the bug.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits: 14f91ab8d391f249b845916820a56f42cf747241, 295ad5afd9efc5f67b86c64fce28fb94e26dc4c9, 32008ab989ddcff1a485fa2b4906234c25dc5cd6, 3b3a2a9c6349e25a025d2330f479bc33a6ccb54a, 98c75d76187944296068d685dfd8a1e9fd8c4fdc
Vendor Advisory: https://git.kernel.org/stable/c/14f91ab8d391f249b845916820a56f42cf747241
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution vendor. 2. Reboot system to load new kernel. 3. Verify kernel version after reboot.
🔧 Temporary Workarounds
Disable netem qdisc configurations
linuxRemove or avoid using netem queuing discipline configurations that could trigger the vulnerability.
tc qdisc del dev lo root
tc qdisc del dev dummy0 root
🧯 If You Can't Patch
- Restrict local user access to systems where netem configurations are used
- Monitor for unusual traffic control configuration changes or kernel panic events
🔍 How to Verify
Check if Vulnerable:
Check if netem qdisc is configured with commands like 'tc qdisc show' and verify kernel version against patched versions.Check Version:
uname -rVerify Fix Applied:
Check kernel version after update matches patched version and test with trigger commands to ensure no crash occurs.📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs
- KASAN use-after-free reports in dmesg
- Unexpected system crashes
Network Indicators:
- Unusual traffic control rule changes
- Netem qdisc configurations matching trigger pattern
SIEM Query:
source="kernel" AND ("panic" OR "KASAN: use-after-free" OR "netem_dequeue")🔗 References
- https://git.kernel.org/stable/c/14f91ab8d391f249b845916820a56f42cf747241
- https://git.kernel.org/stable/c/295ad5afd9efc5f67b86c64fce28fb94e26dc4c9
- https://git.kernel.org/stable/c/32008ab989ddcff1a485fa2b4906234c25dc5cd6
- https://git.kernel.org/stable/c/3b3a2a9c6349e25a025d2330f479bc33a6ccb54a
- https://git.kernel.org/stable/c/98c75d76187944296068d685dfd8a1e9fd8c4fdc
- https://git.kernel.org/stable/c/db2c235682913a63054e741fe4e19645fdf2d68e
- https://git.kernel.org/stable/c/dde33a9d0b80aae0c69594d1f462515d7ff1cb3d
- https://git.kernel.org/stable/c/f0bddb4de043399f16d1969dad5ee5b984a64e7b
- https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
