CVE-2024-46856

5.5 MEDIUM

📋 TL;DR

A NULL pointer dereference vulnerability in the Linux kernel's DP83822/DP83825/DP83826 PHY driver allows kernel crashes when specific network interface operations are performed. This affects systems using these specific Ethernet PHY chips with unpatched Linux kernels. The vulnerability can cause denial of service but does not allow arbitrary code execution.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Kernel versions containing the vulnerable dp83822 driver code before fixes were applied
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if system uses DP83822, DP83825, or DP83826 Ethernet PHY chips. Most systems won't be affected unless they specifically use these network interface chips.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case: Kernel panic leading to system crash and complete denial of service, requiring physical or remote console access to reboot.

🟠 Likely Case: System crash when network interface with affected PHY chip is configured or when Wake-on-LAN features are used, requiring reboot to restore service.

🟢 If Mitigated: No impact if system doesn't use DP83822/DP83825/DP83826 PHY chips or if interface is not configured/used.

🌐 Internet-Facing: LOW - Requires local access to trigger via network configuration operations, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Local users or processes with network configuration privileges can cause system crashes.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access and ability to perform network configuration operations on affected PHY interfaces. No known public exploits exist.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel commits 3f62ea572b3e8e3f10c39a9cb4f04ca9ae5f2952 and 67b61e2f4c9c5df97a9a2ef7a1fe35eae00531f4

Vendor Advisory: https://git.kernel.org/stable/c/3f62ea572b3e8e3f10c39a9cb4f04ca9ae5f2952

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits.
2. Reboot system to load patched kernel.
3. Check with distribution vendor for backported patches if using older kernel versions.

🔧 Temporary Workarounds

Disable affected PHY interfaces

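If the system uses DP83822/DP83825/DP83826 PHY chips, bring the affected network interface down and blacklist the dp83822 driver module. The blacklist entry only prevents automatic loading of a modular driver; it has no effect when the driver is built into the kernel, and a module that is already loaded stays loaded until it is removed or the system reboots.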

sudo ip link set <interface> down
echo 'blacklist dp83822' | sudo tee /etc/modprobe.d/blacklist-dp83822.conf

🧯 If You Can't Patch

  • Restrict network configuration privileges to trusted users only
  • Monitor for kernel panic logs and have reboot procedures ready

🔍 How to Verify

Check if Vulnerable:

Check if system uses DP83822/DP83825/DP83826 PHY chips: 'lspci -v | grep -i dp838' or 'dmesg | grep -i dp838'

Check Version:

uname -r

Verify Fix Applied:

Check kernel version contains fix commits: 'uname -r' and verify with distribution patch notes
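
Ethernet PHYs are attached over the MDIO bus rather than PCI, so the binding between an interface and its PHY driver can be read from sysfs. The following is an added example, not part of the original advisory: the function names are hypothetical, and it assumes the kernel exposes the usual /sys/class/net/<iface>/phydev/driver link and that the driver name contains the chip model.

```shell
#!/bin/sh
# List network interfaces whose attached PHY is bound to a
# DP83822/DP83825/DP83826 driver, one "iface<TAB>driver" per line.
# Usage: dp8382x_ifaces [sysfs_root]   (sysfs_root defaults to /sys)
dp8382x_ifaces() {
    root="${1:-/sys}"
    for dev in "$root"/class/net/*; do
        # Interfaces without a phylib-managed PHY have no phydev link.
        [ -e "$dev/phydev/driver" ] || continue
        # The basename of the resolved driver link is the PHY driver name.
        drv=$(basename "$(readlink -f "$dev/phydev/driver")")
        # Assumption: the driver name contains the chip model string.
        case "$(printf '%s' "$drv" | tr 'A-Z' 'a-z')" in
            *dp8382[256]*) printf '%s\t%s\n' "$(basename "$dev")" "$drv" ;;
        esac
    done
}

# Exit status 0 when at least one affected interface is present.
has_dp8382x() {
    [ -n "$(dp8382x_ifaces "$1")" ]
}

# Example: has_dp8382x && echo "affected PHY present, check kernel patch level"
```

An empty result means no interface is currently bound to the driver; it says nothing about whether the running kernel carries the fix.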

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages in /var/log/kern.log or dmesg output
  • NULL pointer dereference errors mentioning dp83822 driver

Network Indicators:

  • Sudden network interface failures on systems with DP8382x PHY chips

SIEM Query:

source="kernel" AND ("NULL pointer dereference" OR "dp83822" OR "dp83825" OR "dp83826")
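
The query above matches either indicator on its own, so routine PHY messages and unrelated oopses also hit. The following added example (not part of the original advisory) reports only oops blocks that are a NULL pointer dereference and also mention the driver; the function names and log lines are constructed, and it assumes each oops ends with the kernel's "end trace" marker.

```shell
#!/bin/sh
# Print the header line of every oops block that is a NULL pointer
# dereference AND mentions a dp83822/825/826 name before the block ends.
# Usage: dp8382x_oops < /var/log/kern.log
dp8382x_oops() {
    awk '
        /NULL pointer dereference/ {
            if (inblk && hit) print head      # previous block never closed
            inblk = 1; hit = 0; head = $0; next
        }
        inblk && tolower($0) ~ /dp8382[256]/ { hit = 1 }
        inblk && /end trace/ { if (hit) print head; inblk = 0 }
        END { if (inblk && hit) print head }  # log cut off mid-oops
    '
}

# Constructed sample log: one routine PHY message, one unrelated oops,
# and one oops that references the dp83822 module.
sample_log() {
cat <<'EOF'
[   12.100000] example-mac eth0: PHY [mdio:01] driver [TI DP83825I]
[   40.000000] Unable to handle kernel NULL pointer dereference at virtual address 00000000
[   40.000100] Modules linked in: example_other
[   40.000200] PC is at example_other_fn+0x10/0x40 [example_other]
[   40.000300] ---[ end trace 0000000000000000 ]---
[   95.000000] Unable to handle kernel NULL pointer dereference at virtual address 00000008
[   95.000100] Modules linked in: dp83822 example_mac
[   95.000200] PC is at example_phy_fn+0x1c/0x80 [dp83822]
[   95.000300] ---[ end trace 0000000000000000 ]---
EOF
}

# Example: sample_log | dp8382x_oops
```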
