CVE-2024-50039
📋 TL;DR
This CVE describes a Linux kernel vulnerability in the network traffic control subsystem where allowing TCA_STAB (size table) configuration on non-root qdiscs can cause a NULL pointer dereference. Attackers with local access can crash the system by configuring specific qdisc combinations. This affects Linux systems using traffic shaping with SFQ and TBF qdiscs.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Local denial of service causing kernel panic and system crash, potentially leading to data loss or service disruption.
Likely Case
Local denial of service requiring system reboot to recover.
If Mitigated
No impact if proper access controls prevent unprivileged users from configuring network qdiscs.
🎯 Exploit Status
Exploitation requires CAP_NET_ADMIN capability or root access to configure network traffic control.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patched in stable kernel trees via commits referenced in CVE
Vendor Advisory: https://git.kernel.org/stable/c/1edf039ee01788ffc25625fe58a903ae2efa213e
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution. 2. Reboot system to load new kernel. 3. Verify kernel version with 'uname -r'.
🔧 Temporary Workarounds
Restrict qdisc configuration
linuxPrevent unprivileged users from configuring network qdiscs by removing CAP_NET_ADMIN capability.
setcap -r CAP_NET_ADMIN /path/to/application
capsh --drop=cap_net_admin -- -c 'your_command'
🧯 If You Can't Patch
- Restrict CAP_NET_ADMIN capability to trusted processes only
- Implement strict access controls on network configuration interfaces
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if unpatched, test by attempting to configure TCA_STAB on non-root qdiscs (requires CAP_NET_ADMIN).Check Version:
uname -rVerify Fix Applied:
Verify kernel version is updated to include the fix commits, or test that TCA_STAB configuration on non-root qdiscs is rejected.📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs mentioning NULL pointer dereference in sfq_dequeue
- System crash/reboot events following network configuration changes
Network Indicators:
- Unusual traffic control configuration attempts
SIEM Query:
source="kernel" AND "NULL pointer dereference" AND "sfq_dequeue"🔗 References
- https://git.kernel.org/stable/c/1edf039ee01788ffc25625fe58a903ae2efa213e
- https://git.kernel.org/stable/c/2acbb9539bc2284e30d2aeb789c3d96287014264
- https://git.kernel.org/stable/c/3cb7cf1540ddff5473d6baeb530228d19bc97b8a
- https://git.kernel.org/stable/c/3dc6ee96473cc2962c6db4297d4631f261be150f
- https://git.kernel.org/stable/c/76feedc74b90270390fbfdf74a2e944e96872363
- https://git.kernel.org/stable/c/8fb6503592d39065316f45d267c5527b4e7cd995
- https://git.kernel.org/stable/c/adbc3eef43fc94c7c8436da832691ae02333a972
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
