CVE-2024-47678

5.5 MEDIUM

📋 TL;DR

This CVE describes a side-channel vulnerability in the Linux kernel's ICMP rate limiting implementation. The vulnerability could allow attackers to infer information about network activity by observing ICMP response patterns. All Linux systems running affected kernel versions are potentially vulnerable.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected versions not explicitly stated in CVE description; check kernel commit history for exact ranges
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in ICMP handling code; all systems with ICMP enabled are affected

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case: Information disclosure allowing attackers to map internal network topology, identify active hosts, or infer traffic patterns through timing analysis of ICMP responses.

🟠 Likely Case: Limited information leakage about network configuration and host availability, potentially aiding reconnaissance for further attacks.

🟢 If Mitigated: Minimal impact with proper network segmentation, firewall rules, and ICMP filtering in place.

🌐 Internet-Facing: MEDIUM - Internet-facing systems could leak information about internal network structure to external attackers.
🏢 Internal Only: LOW - Requires network access; internal attackers already have some visibility.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires network access and ability to send/receive ICMP packets; timing analysis required

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commits: 483397b4ba280813e4a9c161a0a85172ddb43d19, 662ec52260cc07b9ae53ecd3925183c29d34288b, 8c2bd38b95f75f3d2a08c93e35303e26d480d24e, 997ba8889611891f91e8ad83583466aeab6239a3, a7722921adb046e3836eb84372241f32584bdb07

Vendor Advisory: https://git.kernel.org/stable/c/

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version
2. Reboot system
3. Verify kernel version with 'uname -r'

🔧 Temporary Workarounds

Disable ICMP responses

Block ICMP echo replies and other ICMP messages at firewall level

iptables -A OUTPUT -p icmp --icmp-type echo-reply -j DROP
iptables -A OUTPUT -p icmp --icmp-type destination-unreachable -j DROP

Rate limit ICMP at network perimeter

Apply strict rate limiting to ICMP traffic at network boundaries

iptables -A INPUT -p icmp -m limit --limit 10/second -j ACCEPT
iptables -A INPUT -p icmp -j DROP

🧯 If You Can't Patch

  • Implement strict ICMP filtering at network perimeter firewalls
  • Deploy network segmentation to limit lateral movement if information is leaked

🔍 How to Verify

Check if Vulnerable:

Check the kernel version and compare it with the patched versions; examine whether ICMP rate limiting is applied in the correct order (requires kernel source analysis)

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version contains the fix commits; test ICMP response behavior under load

📡 Detection & Monitoring

Log Indicators:

  • Unusual ICMP traffic patterns
  • High volume of ICMP requests from single sources

Network Indicators:

  • Abnormal ICMP response timing patterns
  • Reconnaissance activity using ICMP

SIEM Query:

source_ip=* AND protocol=ICMP AND count > 1000 per hour
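The same per-source, per-hour threshold applied to firewall log lines, as an added Python example that is not part of this advisory. It assumes the lines come from a netfilter LOG target in its standard "SRC=... PROTO=ICMP TYPE=..." format; the sample lines are constructed, not captured traffic.

```python
import re
from collections import Counter
from datetime import datetime

# Threshold taken from the SIEM query above: more than 1000 ICMP packets per source per hour.
THRESHOLD = 1000

# Syslog timestamp, then the netfilter LOG fields we need; other fields are skipped lazily.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) .*?SRC=(?P<src>\S+) .*?PROTO=ICMP TYPE=(?P<type>\d+)"
)

def parse_icmp_line(line):
    """Return (hour_bucket, source_ip, icmp_type) for an ICMP LOG line, else None."""
    m = LINE_RE.search(line)
    if not m:
        return None  # non-ICMP traffic or an unrelated syslog line
    ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")  # year is irrelevant for hourly buckets
    return ts.strftime("%b %d %H:00"), m.group("src"), int(m.group("type"))

def icmp_counts(lines):
    """Count ICMP packets keyed by (source_ip, hour_bucket)."""
    counts = Counter()
    for line in lines:
        parsed = parse_icmp_line(line)
        if parsed:
            hour, src, _ = parsed
            counts[(src, hour)] += 1
    return counts

def flag_sources(lines, threshold=THRESHOLD):
    """Sources that exceeded the threshold in any single hour (sorted, deduplicated)."""
    return sorted({src for (src, _), n in icmp_counts(lines).items() if n > threshold})

def _line(ts, src, proto="ICMP", icmp_type=8):
    # Constructed netfilter LOG line (MAC field omitted); addresses are documentation ranges.
    tail = f"PROTO={proto} TYPE={icmp_type} CODE=0" if proto == "ICMP" else f"PROTO={proto} SPT=4444 DPT=22"
    return f"{ts} fw1 kernel: [1234.5678] IN=eth0 OUT= SRC={src} DST=192.0.2.10 LEN=84 TTL=54 {tail}"

SAMPLE_LOG = (
    [_line(f"Oct 03 10:{i // 60:02d}:{i % 60:02d}", "203.0.113.7") for i in range(1200)]  # noisy source
    + [_line(f"Oct 03 10:30:{i % 60:02d}", "198.51.100.4") for i in range(50)]             # normal source
    + [_line("Oct 03 10:31:00", "198.51.100.4", proto="TCP"), "Oct 03 10:32:00 fw1 sshd[12]: unrelated"]
)

if __name__ == "__main__":
    print(flag_sources(SAMPLE_LOG))  # prints ['203.0.113.7']
```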
