CVE-2024-47756
📋 TL;DR
CVE-2024-47756 is a NULL pointer dereference vulnerability in the Linux kernel's PCI keystone driver. An incorrect logical operator (&& instead of ||) in ks_pcie_quirk() could lead to dereferencing a NULL pointer, potentially causing a kernel panic or system crash. It affects systems running an affected Linux kernel version with the keystone PCI driver enabled.
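The operator mix-up described above, as an added userspace illustration (not the kernel source and not code from the original page): `struct dev`, `parent_of()`, `bail_buggy()`, `bail_fixed()` and `safe_after_guard()` are hypothetical names, and the guarded pair "pointer, then a field read through it" is an assumed model of the check. A NULL read is recorded in a flag instead of crashing, so all three input states can be compared.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for a device object; not a kernel structure. */
struct dev { struct dev *parent; };

static bool null_deref;   /* set when a read would have gone through NULL */

/* Models reading d->parent, recording a NULL access instead of faulting. */
static struct dev *parent_of(const struct dev *d)
{
    if (!d) { null_deref = true; return NULL; }
    return d->parent;
}

/* Buggy guard: with d == NULL the left operand is true, so && still
 * evaluates the right operand and reads through the NULL pointer. */
static bool bail_buggy(const struct dev *d) { return !d && !parent_of(d); }

/* Fixed guard: || short-circuits on d == NULL and never reads through it. */
static bool bail_fixed(const struct dev *d) { return !d || !parent_of(d); }

/* True if no NULL read happened in the guard and, when the guard lets
 * execution continue, d->parent is valid for the code that follows. */
static bool safe_after_guard(bool (*bail)(const struct dev *),
                             const struct dev *d)
{
    null_deref = false;
    if (bail(d))
        return !null_deref;                     /* returned early */
    return !null_deref && parent_of(d) != NULL; /* fell through */
}

int main(void)
{
    /* Constructed inputs: NULL, object without parent, object with parent. */
    struct dev root = { NULL }, child = { &root };
    const struct dev *cases[] = { NULL, &root, &child };

    for (int i = 0; i < 3; i++)
        printf("case %d: && safe=%d  || safe=%d\n", i,
               safe_after_guard(bail_buggy, cases[i]),
               safe_after_guard(bail_fixed, cases[i]));
    return 0;
}
```

The `&&` form is unsafe in two of the three states: it reads through a NULL pointer inside the guard, and it lets an object with a NULL field pass the guard.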
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially requiring physical reboot of affected systems.
Likely Case
System instability or crash when specific PCI operations are performed on affected hardware configurations.
If Mitigated
No impact if the vulnerable driver is not loaded or the specific hardware configuration is not present.
🎯 Exploit Status
Exploitation requires local access and specific hardware conditions. The vulnerability is a logic error that could be triggered during normal PCI operations.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check specific kernel versions in provided git commit references
Vendor Advisory: https://git.kernel.org/stable/c/2171c5cb2fbc3e03af7e8116cd58736c09328655
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version.
2. Rebuild kernel if compiling from source.
3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable keystone PCI driver
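Prevent loading of the vulnerable driver module (Linux). This applies only when the driver is built as a loadable module; a driver compiled into the kernel cannot be blacklisted or removed with rmmod.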
echo 'blacklist keystone-pcie' >> /etc/modprobe.d/blacklist.conf
rmmod keystone-pcie
🧯 If You Can't Patch
- Ensure the keystone PCI driver is not loaded on affected systems
- Restrict physical access to systems and monitor for kernel panic events
🔍 How to Verify
Check if Vulnerable:
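Check if the keystone PCI driver module is loaded: lsmod | grep -i keystone (lsmod prints hyphens in module names as underscores and does not list drivers built into the kernel)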
Check Version:
uname -r
Verify Fix Applied:
Check kernel version after update: uname -r and verify it includes the fix commit
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages in /var/log/kern.log or dmesg
- NULL pointer dereference errors in kernel logs
Network Indicators:
- None - this is a local vulnerability
SIEM Query:
Search for 'kernel panic' or 'NULL pointer dereference' in system logs
🔗 References
- https://git.kernel.org/stable/c/2171c5cb2fbc3e03af7e8116cd58736c09328655
- https://git.kernel.org/stable/c/23838bef2adb714ec37b2d6141dccf4a3a70bdef
- https://git.kernel.org/stable/c/6188a1c762eb9bbd444f47696eda77a5eae6207a
- https://git.kernel.org/stable/c/72210e52e19a27f615e0b5273d2bf012d0dc318d
- https://git.kernel.org/stable/c/9c9afc3e75069fcfb067727973242cfbf00dd7eb
- https://git.kernel.org/stable/c/c289903b7a216df5ea6e1850ddf1b958eea9921d
- https://git.kernel.org/stable/c/dc5aeba07395c8dfa29bb878c8ce4d5180427221
- https://git.kernel.org/stable/c/e85ab507882db165c10a858d7f685a0a38f0312e
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html