CVE-2024-47743
📋 TL;DR
A NULL pointer dereference vulnerability in the Linux kernel's find_asymmetric_key() function could cause kernel panic (system crash) when all id parameters are NULL. This affects Linux systems using asymmetric key functionality. Attackers with local access could potentially crash the system.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially causing data loss or service disruption.
Likely Case
Local denial of service through system crash if an attacker can trigger the vulnerable code path.
If Mitigated
Minimal impact with proper access controls preventing local users from triggering the vulnerable function.
🎯 Exploit Status
Requires local access and ability to call find_asymmetric_key() with NULL parameters.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patched in stable kernel commits referenced in CVE
Vendor Advisory: https://git.kernel.org/stable/c/0d3b0706ada15c333e6f9faf19590ff715e45d1e
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution's repositories. 2. Reboot system to load new kernel.
🔧 Temporary Workarounds
Restrict asymmetric key usage
linuxLimit access to asymmetric key functionality to prevent exploitation
echo 0 > /proc/sys/kernel/keys/maxkeys
chmod 600 /proc/keys
🧯 If You Can't Patch
- Restrict local user access to systems using mandatory access controls (SELinux/AppArmor)
- Monitor for kernel panic events and implement system redundancy
🔍 How to Verify
Check if Vulnerable:
Check kernel version and compare with patched versions from distribution vendorCheck Version:
uname -rVerify Fix Applied:
Verify kernel version after update matches patched version from vendor📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages in /var/log/messages or dmesg
- System crash/reboot events
Network Indicators:
- None - local exploit only
SIEM Query:
source="kernel" AND "panic" OR "Oops" OR "NULL pointer dereference"🔗 References
- https://git.kernel.org/stable/c/0d3b0706ada15c333e6f9faf19590ff715e45d1e
- https://git.kernel.org/stable/c/13b5b401ead95b5d8266f64904086c55b6024900
- https://git.kernel.org/stable/c/3322fa8f2aa40b0b3651034cd541647a600cc6c0
- https://git.kernel.org/stable/c/70fd1966c93bf3bfe3fe6d753eb3d83a76597eef
- https://git.kernel.org/stable/c/a3765b497a4f5224cb2f7a6a2d3357d3066214ee
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
