CVE-2024-47684
📋 TL;DR
A NULL pointer dereference vulnerability in the Linux kernel's TCP implementation allows denial of service attacks. The vulnerability occurs when tcp_rto_delta_us() receives a NULL skb pointer, leading to kernel crashes. Systems running affected Linux kernel versions with TCP connections are vulnerable.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and complete denial of service, requiring physical or remote reboot.
Likely Case
System instability and crashes affecting network connectivity and running services, particularly under high network load.
If Mitigated
Limited impact with proper kernel hardening and isolation, though crashes could still affect availability.
🎯 Exploit Status
Exploitation requires sending specific TCP packets to trigger the NULL pointer dereference. No public exploit code identified yet.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patches available in kernel commits referenced in CVE
Vendor Advisory: https://git.kernel.org/stable/c/09aea49fbc7e755a915c405644f347137cdb62b0
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version.
2. For Ubuntu: sudo apt update && sudo apt upgrade linux-image-generic.
3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable TCP TLP and RACK features
Disable the TCP Tail Loss Probe and RACK features that trigger the vulnerable code path (Linux):
sysctl -w net.ipv4.tcp_early_retrans=0
sysctl -w net.ipv4.tcp_recovery=0
🧯 If You Can't Patch
- Implement network segmentation to limit exposure to untrusted networks
- Monitor systems for kernel crashes and restart affected services automatically
🔍 How to Verify
Check if Vulnerable:
Check kernel version: uname -r and compare with affected versions. Check if system has experienced kernel crashes with NULL pointer dereference in tcp_rearm_rto().
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version after update and ensure no crashes occur during TCP operations. Monitor dmesg for related error messages.
📡 Detection & Monitoring
Log Indicators:
- Kernel NULL pointer dereference messages in dmesg
- References to tcp_rearm_rto() in crash logs
- System crashes or reboots during network operations
Network Indicators:
- Unusual TCP packet patterns triggering retransmissions
- Connection resets during normal operations
SIEM Query:
source="kernel" AND "NULL pointer dereference" AND "tcp_rearm_rto"
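The log indicators above can be checked on a host without a SIEM. The following is an added example, not part of the original advisory: it flags a NULL pointer dereference only when tcp_rearm_rto or tcp_rto_delta_us appears inside the same oops report, so unrelated crashes are not counted. The function names, the 40-line window and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: correlate "NULL pointer dereference" with the TCP RTO functions
# named in this advisory, within one oops report.

# scan_tcp_rto_oops [WINDOW]
# Reads kernel log text on stdin. Prints one line per matching oops.
# Exit status: 0 if at least one oops matched, 1 otherwise.
scan_tcp_rto_oops() {
    awk -v win="${1:-40}" '
        # Start of an oops report: remember where it began.
        /NULL pointer dereference/ { oops = NR; hit = 0; next }
        # End of the report: stop attributing later lines to it.
        /---\[ end trace/          { oops = 0; next }
        # Inside a report, look for either function name, once per report.
        oops && !hit && NR - oops <= win && match($0, /tcp_(rearm_rto|rto_delta_us)/) {
            printf "oops at line %d: %s in trace (line %d)\n",
                   oops, substr($0, RSTART, RLENGTH), NR
            hit = 1; total++
        }
        END { exit (total ? 0 : 1) }
    '
}

# Constructed sample input (not real crash output): one relevant oops, one
# unrelated oops, and one stray mention outside any oops report.
sample_kernel_log() {
    cat <<'EOF'
[ 1200.000001] BUG: kernel NULL pointer dereference, address: 0000000000000020
[ 1200.000002] RIP: 0010:tcp_rearm_rto+0x0/0x0
[ 1200.000003] Call Trace:
[ 1200.000004]  example_caller+0x0/0x0
[ 1200.000005] ---[ end trace 0000000000000000 ]---
[ 1300.000001] BUG: kernel NULL pointer dereference, address: 0000000000000008
[ 1300.000002] RIP: 0010:example_driver_poll+0x0/0x0
[ 1300.000003] ---[ end trace 0000000000000000 ]---
[ 1400.000001] example: tcp_rearm_rto mentioned outside any oops
EOF
}

# Demo on the constructed sample; on a live host use: dmesg | scan_tcp_rto_oops
sample_kernel_log | scan_tcp_rto_oops
```

A non-zero exit status means no matching oops was found in the input, which makes the function usable as a health-check condition.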
🔗 References
- https://git.kernel.org/stable/c/09aea49fbc7e755a915c405644f347137cdb62b0
- https://git.kernel.org/stable/c/16e0387d87fc858e34449fdf2b14ed5837f761db
- https://git.kernel.org/stable/c/570f7d8c9bf14f041152ba8353d4330ef7575915
- https://git.kernel.org/stable/c/5c4c03288a4aea705e36aa44119c13d7ee4dce99
- https://git.kernel.org/stable/c/81d18c152e3f82bacadf83bc0a471b2363b9cc18
- https://git.kernel.org/stable/c/96c4983eab2a5da235f7fff90beaf17b008ba029
- https://git.kernel.org/stable/c/ad4f0a14d6856e68f023fc4e5017cfd881a3dfbc
- https://git.kernel.org/stable/c/c8770db2d54437a5f49417ae7b46f7de23d14db6
- https://git.kernel.org/stable/c/ec31cf42fc4e35bb1248ce6eb1de6de9f851ac86
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html