CVE-2024-50045
📋 TL;DR
A NULL pointer dereference in the Linux kernel's br_netfilter module causes a kernel panic when untagged traffic larger than the VxLAN MTU is forwarded through a bridge that has VxLAN ports. This affects Linux systems that use bridge networking with VxLAN devices and have br_netfilter enabled. The vulnerability leads to denial of service through system crashes.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →
⚠️ Risk & Real-World Impact
Worst Case
Complete system crash and denial of service requiring reboot, potentially disrupting all network services on affected systems.
Likely Case
System crash and reboot when specific network conditions are met, causing temporary service disruption.
If Mitigated
No impact if br_netfilter is not loaded or bridge-nf-call-iptables is disabled.
🎯 Exploit Status
Exploitation requires ability to send network traffic meeting specific conditions to affected bridge configuration. No public exploit code identified.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Multiple kernel versions with fixes (see git commit references)
Vendor Advisory: https://git.kernel.org/stable/c/3453f5839420bfbb85c86c61e49f49ffd0f041c4
Restart Required: Yes
Instructions:
1. Update the Linux kernel to a patched version.
2. Reboot the system to load the new kernel.
3. Verify the kernel version with 'uname -r'.
🔧 Temporary Workarounds
Disable br_netfilter
Unload the br_netfilter module so the vulnerable code path cannot be reached (only viable if nothing on the host depends on bridged traffic passing through netfilter):
sudo modprobe -r br_netfilter
Disable bridge-nf-call-iptables
Set the sysctl parameter to 0 to bypass the vulnerable code path. This sysctl only exists while br_netfilter is loaded, and container platforms such as Kubernetes expect it set to 1, so check for dependencies before changing it:
sudo sysctl -w net.bridge.bridge-nf-call-iptables=0
🧯 If You Can't Patch
- Disable br_netfilter module if not required for functionality
- Ensure net.bridge.bridge-nf-call-iptables is set to 0
🔍 How to Verify
Check if Vulnerable:
1. Check whether br_netfilter is loaded: 'lsmod | grep br_netfilter'.
2. Check the sysctl setting: 'sysctl net.bridge.bridge-nf-call-iptables'.
3. Compare the running kernel version against the patched versions.
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version is updated to patched version with 'uname -r'. Test network traffic through VxLAN bridge with large untagged packets.
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages mentioning br_nf_dev_queue_xmit
- NULL pointer dereference errors in kernel logs
- System crash/reboot events
Network Indicators:
- Large untagged packets being forwarded through VxLAN bridges
- Network traffic patterns matching vulnerability conditions
SIEM Query:
source="kernel" AND ("br_nf_dev_queue_xmit" OR "NULL pointer dereference" OR "kernel panic")
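The "How to Verify" checks and the log indicators above, combined into one POSIX shell script. This is an added example, not part of this advisory or of the kernel project: it reads /proc/modules and /proc/sys/net/bridge/bridge-nf-call-iptables directly instead of calling lsmod and sysctl (same data, works without those binaries), and the sample module list and kernel log lines are constructed for illustration, not captured from a real host. It does not decide whether the running kernel is patched; that still requires comparing 'uname -r' against your distribution's fixed versions.

```shell
#!/bin/sh
# Added example for CVE-2024-50045 (not the advisory's own code).
# The functions take their input as arguments so they can be exercised on
# captured data; the block at the bottom applies them to the live host.

# assess_exposure MODULE_LIST NF_CALL_IPTABLES_VALUE
# MODULE_LIST is lsmod or /proc/modules output (module name in column one).
# Prints one of: mitigated:module-not-loaded, mitigated:nf-call-disabled, exposed
assess_exposure() {
    module_list=$1
    nf_call=$2
    # The vulnerable path is in br_netfilter; if the module is not loaded the
    # code cannot run at all.
    if ! printf '%s\n' "$module_list" | grep -q '^br_netfilter[[:space:]]'; then
        echo "mitigated:module-not-loaded"
        return 0
    fi
    # Module loaded, but bridged traffic is not handed to iptables, which is
    # the condition the advisory lists as "If Mitigated".
    if [ "$nf_call" = "0" ]; then
        echo "mitigated:nf-call-disabled"
        return 0
    fi
    echo "exposed"
}

# scan_klog LOG_TEXT
# Prints how many lines carry the advisory's log indicators (the same terms
# as the SIEM query above). "|| true" keeps a zero count from being an error.
scan_klog() {
    printf '%s\n' "$1" \
        | grep -c -E 'br_nf_dev_queue_xmit|NULL pointer dereference|[Kk]ernel panic' \
        || true
}

# Constructed sample inputs (illustrative, not from a real machine).
SAMPLE_MODULES_LOADED='br_netfilter 32768 0
bridge 299008 1 br_netfilter'
SAMPLE_MODULES_CLEAN='bridge 299008 0'
SAMPLE_KLOG='[  123.456] BUG: kernel NULL pointer dereference, address: 0000000000000000
[  123.457] RIP: 0010:br_nf_dev_queue_xmit+0x1a/0x2b0 [br_netfilter]
[  123.458] Kernel panic - not syncing: Fatal exception in interrupt
[  130.000] eth0: link up'

# Live check of this host. The sysctl file exists only while br_netfilter is
# loaded, so a missing file is reported as "n/a"; on a non-Linux host
# /proc/modules is absent and the result is "module-not-loaded".
live_modules=$(cat /proc/modules 2>/dev/null || true)
live_nf_call=$(cat /proc/sys/net/bridge/bridge-nf-call-iptables 2>/dev/null || echo "n/a")
echo "kernel:   $(uname -r 2>/dev/null || echo unknown)"
echo "exposure: $(assess_exposure "$live_modules" "$live_nf_call")"
echo "sample log indicator lines: $(scan_klog "$SAMPLE_KLOG")"
```

Run it as root or with read access to /proc; to use it as a detection probe, feed real output such as 'dmesg' or the exported journal to scan_klog and alert on any non-zero count.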
🔗 References
- https://git.kernel.org/stable/c/3453f5839420bfbb85c86c61e49f49ffd0f041c4
- https://git.kernel.org/stable/c/75dfcb758015c97e1accd6340691fca67d363bed
- https://git.kernel.org/stable/c/78ed917133b118661e1fe62d4a85d5d428ee9568
- https://git.kernel.org/stable/c/915717e0bb9837cc5c101bc545af487bd787239e
- https://git.kernel.org/stable/c/95c0cff5a1a5d28bf623b92eb5d1a8f56ed30803
- https://git.kernel.org/stable/c/cce8419b8168f6e7eb637103a47f916f3de8bc81
- https://git.kernel.org/stable/c/f07131239a76cc10d5e82c19d91f53cb55727297
- https://git.kernel.org/stable/c/f9ff7665cd128012868098bbd07e28993e314fdb
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html