CVE-2024-50042 – A memory corruption vulnerability in the Linux ... (How to Fix)

Q: What is the severity of CVE-2024-50042?

CVE-2024-50042 has a CVSS score of 7.1 (HIGH). A memory corruption vulnerability in the Linux kernel's Intel Ethernet Controller (ice) driver allows attackers to trigger out-of-bounds memory operations when increasing MSI-X count on Virtual Functions. This affects systems using Intel Ethernet controllers with SR-IOV enabled, potentially leading to kernel crashes or privilege escalation.

📋 TL;DR

A memory corruption vulnerability in the Linux kernel's Intel Ethernet Controller (ice) driver allows attackers to trigger out-of-bounds memory operations when increasing MSI-X count on Virtual Functions. This affects systems using Intel Ethernet controllers with SR-IOV enabled, potentially leading to kernel crashes or privilege escalation.

💻 Affected Systems

Products:

Linux kernel with Intel Ethernet Controller (ice) driver

Versions: Linux kernel versions with vulnerable ice driver (specific versions not specified in CVE, but patches available in stable kernels)

Operating Systems: Linux distributions using affected kernel versions

Default Config Vulnerable: ✅ No

Notes: Requires Intel Ethernet controller with SR-IOV enabled and attempts to increase VF MSI-X count beyond default (16).

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash, or potential privilege escalation if memory corruption can be controlled to execute arbitrary code.

🟠

Likely Case

System instability, kernel crashes, or denial of service when attempting to reconfigure VF MSI-X settings.

🟢

If Mitigated

No impact if SR-IOV is disabled or MSI-X count is not modified beyond default values.

🌐 Internet-Facing: LOW - Requires local access to system and specific configuration changes.

🏢 Internal Only: MEDIUM - Internal users with administrative privileges could exploit this to cause system instability.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires local access and ability to modify sysfs parameters. The vulnerability is triggered by specific administrative operations.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel stable releases containing commits bce9af1b030b and cbda61979294

Vendor Advisory: https://git.kernel.org/stable/c/bce9af1b030bf59d51bbabf909a3ef164787e44e

Restart Required: Yes

Instructions:

1. Update to a patched Linux kernel version. 2. Rebuild and reinstall the ice driver if using DKMS. 3. Reboot the system to load the patched kernel.

🔧 Temporary Workarounds

Disable SR-IOV

linux

Prevent creation of Virtual Functions by disabling SR-IOV on affected network interfaces

echo 0 > /sys/bus/pci/devices/$PF_PCI/sriov_numvfs

Restrict sysfs access

linux

Limit access to sysfs parameters that control MSI-X configuration

chmod 600 /sys/bus/pci/devices/*/sriov_vf_msix_count

🧯 If You Can't Patch

Avoid modifying VF MSI-X count beyond default value of 16
Implement strict access controls to prevent unauthorized users from modifying sysfs parameters

🔍 How to Verify

Check if Vulnerable:

Check if system has Intel Ethernet controllers with ice driver loaded and SR-IOV enabled: lsmod | grep ice && ls -la /sys/bus/pci/devices/*/sriov_numvfs

Check Version:

uname -r

Verify Fix Applied:

Check kernel version includes the fix commits: uname -r && zgrep -i 'bce9af1b030b\|cbda61979294' /boot/config-$(uname -r) /lib/modules/$(uname -r)/source/.config

📡 Detection & Monitoring

Log Indicators:

Kernel panic messages
KASAN reports of slab-out-of-bounds in ice_vsi_alloc_ring_stats
System crashes after modifying sriov_vf_msix_count

Network Indicators:

Network interface instability on affected systems

SIEM Query:

event_source:kernel AND (message:"KASAN: slab-out-of-bounds" OR message:"ice_vsi_alloc_ring_stats")

📊 Metadata

CVE ID: CVE-2024-50042

CVSS v3 Score: 7.1 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CWE: CWE-125

Published: October 21, 2024

Last Updated: November 22, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-50042, you might also want to check these: