CVE-2024-46860 – This vulnerability in the Linux kernel's MediaT... (How to Fix)

Q: What is the severity of CVE-2024-46860?

CVE-2024-46860 has a CVSS score of 5.5 (MEDIUM). This vulnerability in the Linux kernel's MediaTek MT7921 WiFi driver allows a NULL pointer dereference when disabling WiFi while IPv6 address changes are being processed. It affects Linux systems using the mt76 driver for MediaTek MT7921 WiFi chips. The vulnerability can cause kernel crashes or denial of service.

📋 TL;DR

This vulnerability in the Linux kernel's MediaTek MT7921 WiFi driver allows a NULL pointer dereference when disabling WiFi while IPv6 address changes are being processed. It affects Linux systems using the mt76 driver for MediaTek MT7921 WiFi chips. The vulnerability can cause kernel crashes or denial of service.

💻 Affected Systems

Products:

Linux kernel with mt76 WiFi driver

Versions: Linux kernel versions containing vulnerable mt76 driver code before fixes in stable releases

Operating Systems: Linux distributions using affected kernel versions

Default Config Vulnerable: ⚠️ Yes

Notes: Requires MediaTek MT7921 WiFi hardware and IPv6 enabled. Triggered when disabling WiFi interface.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash and denial of service, requiring physical or remote console access to reboot.

🟠

Likely Case

System instability or crash when disabling WiFi with IPv6 enabled, requiring reboot to restore functionality.

🟢

If Mitigated

Minor service interruption during WiFi disable operations with proper monitoring and automated recovery.

🌐 Internet-Facing: LOW - Requires local access to trigger the condition through WiFi management.

🏢 Internal Only: MEDIUM - Could be triggered by legitimate administrative actions or automated network management tools.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: NO

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires ability to disable WiFi interface, typically requiring local user or administrative access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel stable releases containing commits 479ffee68d59c599f8aed8fa2dcc8e13e7bd13c3, 4bfee9346d8c17d928ef6da2b8bffab88fa2a553, or 8d92bafd4c67efb692f722d73a07412b5f88c6d6

Vendor Advisory: https://git.kernel.org/stable/c/479ffee68d59c599f8aed8fa2dcc8e13e7bd13c3

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from distribution repositories. 2. Reboot system to load new kernel. 3. Verify driver version and kernel version after reboot.

🔧 Temporary Workarounds

Disable IPv6 on WiFi interfaces

linux

Prevents the IPv6 address change notifier from being called when disabling WiFi

sudo sysctl -w net.ipv6.conf.wlan0.disable_ipv6=1

Avoid disabling WiFi while connected

linux

Disconnect from networks before disabling WiFi interface

sudo nmcli device disconnect wlan0
sudo ip link set wlan0 down

🧯 If You Can't Patch

Implement monitoring for kernel panics and automated recovery procedures
Restrict WiFi management operations to trusted administrators only

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if using mt76 driver with MT7921 hardware: lsmod | grep mt76; dmesg | grep mt7921

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is updated and check for absence of NULL pointer errors in kernel logs: dmesg | grep -i 'null pointer'

📡 Detection & Monitoring

Log Indicators:

Kernel NULL pointer dereference messages
mt7921_ipv6_addr_change errors in dmesg
Kernel panic logs

Network Indicators:

Unexpected WiFi interface disconnections
Network service interruptions

SIEM Query:

source="kernel" AND ("NULL pointer" OR "mt7921" OR "kernel panic")

📊 Metadata

CVE ID: CVE-2024-46860

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-476

Published: September 27, 2024

Last Updated: October 2, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-46860, you might also want to check these: