CVE-2024-47666
📋 TL;DR
A use-after-free vulnerability in the Linux kernel's pm80xx SCSI driver allows kernel crashes when late PHY control responses trigger completion on a dangling stack pointer. This affects Linux systems using the pm80xx driver for SAS/SATA controllers. Attackers could cause denial-of-service by triggering the race condition.
💻 Affected Systems
- Linux kernel with pm80xx driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial-of-service, potentially requiring physical access to restore functionality.
Likely Case
System instability or crash when using pm80xx driver with specific timing conditions during PHY resets.
If Mitigated
No impact if patched or if pm80xx driver is not in use.
🎯 Exploit Status
Requires local access and ability to trigger PHY control operations with specific timing. Race condition exploitation can be challenging.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 7b1d779647afaea9185fa2f150b1721e7c1aae89, a5d954802bda1aabcba49633cd94bad91c94113f, ddc501f4130f4baa787cb6cfa309af697179f475, e23ee0cc5bded07e700553aecc333bb20c768546, e4f949ef1516c0d74745ee54a0f4882c1f6c7aea
Vendor Advisory: https://git.kernel.org/stable/c/7b1d779647afaea9185fa2f150b1721e7c1aae89
Restart Required: Yes
Instructions:
1. Update the Linux kernel to a version containing the fix commits.
2. Check distribution-specific security advisories.
3. Reboot the system to load the patched kernel.
🔧 Temporary Workarounds
Disable pm80xx driver
Blacklist or prevent loading of the vulnerable pm80xx driver:
echo 'blacklist pm80xx' >> /etc/modprobe.d/blacklist-pm80xx.conf
update-initramfs -u
reboot
🧯 If You Can't Patch
- Monitor system logs for kernel crashes or panics related to pm80xx
- Restrict local user access to systems using pm80xx driver
🔍 How to Verify
Check if Vulnerable:
Check whether the pm80xx module is loaded: lsmod | grep pm80xx. Then compare the running kernel version against your distribution's security advisories.
Check Version:
uname -r
Verify Fix Applied:
Verify that the running kernel includes the fix commits. After driver operations, check dmesg for pm80xx-related errors.
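The checks in the workaround and verification sections above can be combined into one script that reports whether the host still has pm80xx resident and whether the blacklist workaround is actually effective. The script below is an added example, not part of the advisory or of the kernel project; it reads /proc/modules (the data lsmod prints) and /etc/modprobe.d, and the function names, the status words and the sample module list it builds in a temporary directory are all constructed for this example.

```shell
#!/bin/sh
# Added example (not from the advisory): report whether this host still exposes
# the pm80xx driver and whether the blacklist workaround is in place.
# Paths default to the live system; both can be overridden so the logic can be
# exercised against constructed files.

# pm80xx_loaded [MODULES_FILE] -> 0 if pm80xx appears in the module list.
# /proc/modules lists one module per line with the name in the first field;
# matching on that field only avoids a false hit on libsas, whose line lists
# "pm80xx," as a dependent.
pm80xx_loaded() {
    modules_file="${1:-/proc/modules}"
    [ -r "$modules_file" ] || return 1
    awk '$1 == "pm80xx" { found = 1 } END { exit !found }' "$modules_file"
}

# pm80xx_blacklisted [MODPROBE_DIR] -> 0 if some *.conf file carries a
# "blacklist pm80xx" directive or an "install pm80xx /bin/false|/bin/true"
# override (modprobe reads only *.conf files from that directory).
pm80xx_blacklisted() {
    modprobe_dir="${1:-/etc/modprobe.d}"
    [ -d "$modprobe_dir" ] || return 1
    for conf in "$modprobe_dir"/*.conf; do
        [ -f "$conf" ] || continue
        if grep -Eq '^[[:space:]]*(blacklist[[:space:]]+pm80xx|install[[:space:]]+pm80xx[[:space:]]+/bin/(false|true))[[:space:]]*$' "$conf"; then
            return 0
        fi
    done
    return 1
}

# pm80xx_status [MODULES_FILE] [MODPROBE_DIR] -> prints one of:
#   loaded       module is resident; a blacklist entry alone does not unload it
#   blacklisted  not loaded, and a modprobe.d entry prevents autoloading
#   not-loaded   not loaded, but nothing prevents a later autoload
pm80xx_status() {
    if pm80xx_loaded "$1"; then
        echo loaded
    elif pm80xx_blacklisted "$2"; then
        echo blacklisted
    else
        echo not-loaded
    fi
}

# Self-check against constructed files, then the live system.
demo() {
    tmp=$(mktemp -d)
    mkdir "$tmp/modprobe.d"
    # Constructed /proc/modules content: pm80xx resident, libsas depending on it.
    printf 'pm80xx 204800 0 - Live 0x0000000000000000\n' > "$tmp/modules"
    printf 'libsas 98304 1 pm80xx, Live 0x0000000000000000\n' >> "$tmp/modules"
    echo "constructed, module resident:   $(pm80xx_status "$tmp/modules" "$tmp/modprobe.d")"
    printf 'libsas 98304 0 - Live 0x0000000000000000\n' > "$tmp/modules"
    echo "constructed, no blacklist:      $(pm80xx_status "$tmp/modules" "$tmp/modprobe.d")"
    echo 'blacklist pm80xx' > "$tmp/modprobe.d/blacklist-pm80xx.conf"
    echo "constructed, blacklisted:       $(pm80xx_status "$tmp/modules" "$tmp/modprobe.d")"
    rm -rf "$tmp"
    echo "live kernel: $(uname -r)"
    echo "live pm80xx: $(pm80xx_status)"
}

demo
```

A "loaded" result after adding the blacklist entry is expected until the initramfs is rebuilt and the host rebooted, because blacklisting only stops automatic loading. Two caveats for the workaround itself: the blacklist keyword does not stop an explicit modprobe, which is why the script also accepts an "install pm80xx /bin/false" line; and if the root filesystem sits on a pm80xx-attached disk, preventing the driver from loading will leave the system unbootable, so confirm where the root device lives before applying it. The update-initramfs command in the workaround is the Debian/Ubuntu tool; dracut-based distributions rebuild the initramfs with dracut -f instead.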
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- Oops messages in dmesg
- pm80xx driver errors in system logs
Network Indicators:
- None (local vulnerability)
SIEM Query:
source="kernel" AND ("pm80xx" OR "kernel panic" OR "Oops")
🔗 References
- https://git.kernel.org/stable/c/7b1d779647afaea9185fa2f150b1721e7c1aae89
- https://git.kernel.org/stable/c/a5d954802bda1aabcba49633cd94bad91c94113f
- https://git.kernel.org/stable/c/ddc501f4130f4baa787cb6cfa309af697179f475
- https://git.kernel.org/stable/c/e23ee0cc5bded07e700553aecc333bb20c768546
- https://git.kernel.org/stable/c/e4f949ef1516c0d74745ee54a0f4882c1f6c7aea
- https://git.kernel.org/stable/c/f14d3e1aa613311c744af32d75125e95fc8ffb84