CVE-2024-49998

4.7 MEDIUM

📋 TL;DR

This CVE describes a race condition vulnerability in the Linux kernel's DSA (Distributed Switch Architecture) subsystem during system shutdown. It can cause kernel NULL pointer dereferences leading to system crashes or denial of service. Systems using DSA-capable network switches with affected kernel versions are vulnerable.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected versions not explicitly stated in CVE description, but patches exist for multiple stable branches.
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires DSA subsystem usage with specific drivers like lan9303. Systems without DSA or using unaffected drivers are not vulnerable.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash and denial of service, potentially requiring physical intervention to restart.

🟠

Likely Case

System instability during shutdown, possible kernel oops messages, and system crashes.

🟢

If Mitigated

Minor system instability during shutdown with error messages but no persistent damage.

🌐 Internet-Facing: LOW - Requires local system access or ability to trigger shutdown sequences.
🏢 Internal Only: MEDIUM - Could be triggered by authorized users or automated shutdown procedures.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploitation requires triggering specific shutdown sequences with precise timing. More likely to occur accidentally during normal system shutdown than through malicious exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fix commits in multiple stable kernel branches: 2e93bf719462, 6c24a03a61a2, 87bd909a7014, ab5d3420a112, b4a65d479213

Vendor Advisory: https://git.kernel.org/stable/c/2e93bf719462ac6d23c881c8b93e5dc9bf5ab7f5

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version.
2. Check distribution-specific security advisories.
3. Reboot system after kernel update.

🔧 Temporary Workarounds

Avoid DSA shutdown triggers

linux

Avoid using systems with DSA-capable switches or disable DSA functionality if not required.

🧯 If You Can't Patch

  • Avoid system shutdowns while DSA interfaces are active
  • Implement graceful shutdown procedures with network interface down commands first

🔍 How to Verify

Check if Vulnerable:

Check kernel version and DSA configuration: 'uname -r' and examine /sys/class/net/ for DSA interfaces

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes one of the fix commits: 'uname -r' and check kernel changelog
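
One way to script the "examine /sys/class/net/ for DSA interfaces" check (an added example, not part of the advisory or the kernel project). It assumes that DSA user ports report `DEVTYPE=dsa` in their sysfs `uevent` file and that the conduit (CPU-facing) interface exposes a `dsa/tagging` attribute; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: find DSA-related interfaces under a sysfs net directory.
# Assumptions (not from the advisory): DSA user ports carry DEVTYPE=dsa in
# their uevent file; the conduit interface has a dsa/tagging attribute.

# list_dsa_ifaces [SYSFS_NET_DIR]
# Prints "<iface> user-port" or "<iface> conduit tagging=<proto>" per line.
list_dsa_ifaces() {
    net_dir="${1:-/sys/class/net}"
    for path in "$net_dir"/*; do
        [ -e "$path" ] || continue          # empty directory: glob did not match
        iface=$(basename "$path")
        if [ -r "$path/uevent" ] && grep -qx 'DEVTYPE=dsa' "$path/uevent"; then
            echo "$iface user-port"
        fi
        if [ -r "$path/dsa/tagging" ]; then
            echo "$iface conduit tagging=$(cat "$path/dsa/tagging")"
        fi
    done
}

# dsa_exposure [SYSFS_NET_DIR]
# Returns 0 and prints the interfaces when DSA is in use, 1 otherwise.
dsa_exposure() {
    found=$(list_dsa_ifaces "$1")
    if [ -z "$found" ]; then
        echo "no DSA interfaces found"
        return 1
    fi
    echo "DSA in use on kernel $(uname -r); check the kernel changelog for the fix commits:"
    echo "$found"
    return 0
}

# Run against the live system when invoked as: sh script.sh check
if [ "${1:-}" = "check" ]; then
    dsa_exposure
fi
```

A zero exit status only means DSA is in use; whether the running kernel carries the fix still has to be confirmed from the distribution's kernel changelog.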

📡 Detection & Monitoring

Log Indicators:

  • Kernel oops messages
  • NULL pointer dereference errors in dmesg
  • System crash during shutdown

Network Indicators:

  • Unexpected network interface failures during shutdown

SIEM Query:

search 'kernel: BUG: unable to handle kernel NULL pointer dereference' OR 'kernel: Oops:' during shutdown events
