CVE-2024-50058
📋 TL;DR
This CVE addresses a NULL pointer dereference vulnerability in the Linux kernel's serial subsystem. When the HUPCL flag is set and specific conditions occur during UART shutdown, the kernel could crash or become unstable. This affects systems using serial ports with the vulnerable kernel versions.
💻 Affected Systems
- Linux Kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially requiring physical access to reboot.
Likely Case
System instability or crash affecting serial port functionality, but only when the HUPCL flag is enabled and specific shutdown conditions occur.
If Mitigated
Minimal impact as the condition requires specific serial port configuration and timing during shutdown.
🎯 Exploit Status
Exploitation requires specific timing during serial port shutdown and HUPCL to be configured on the port
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Multiple stable kernel versions; fix commits: 2fe399bb8efd0d325ab1138cf8e3ecf23a39e96d, 399927f0f875b93f3d5a0336d382ba48b8671eb2, 602babaa84d627923713acaf5f7e9a4369e77473, 76ed24a34223bb2c6b6162e1d8389ec4e602a290, d7b5876a6e74cdf8468a478be6b23f2f5464ac7a
Vendor Advisory: https://git.kernel.org/stable/c/2fe399bb8efd0d325ab1138cf8e3ecf23a39e96d
Restart Required: Yes
Instructions:
1. Update the Linux kernel to a patched version
2. Apply the kernel patch from git.kernel.org
3. Reboot the system
🔧 Temporary Workarounds
Disable HUPCL on serial ports
Prevent the vulnerable code path by disabling the HUPCL flag on serial ports (GNU stty shown for /dev/ttyS0; repeat for each serial device in use). HUPCL controls whether the modem control lines are dropped when the port is closed, so clearing it changes hang-up behaviour for any attached modem.
stty -F /dev/ttyS0 -hupcl
🧯 If You Can't Patch
- Disable serial ports not in use
- Implement strict access controls to serial console interfaces
🔍 How to Verify
Check if Vulnerable:
Check the kernel version and whether serial ports have HUPCL enabled (for example, stty -a -F /dev/ttyS0 shows hupcl or -hupcl)
Check Version:
uname -r
Verify Fix Applied:
Confirm the running kernel includes one of the fix commits listed above, then test serial port shutdown on a HUPCL-enabled port
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- NULL pointer dereference errors in kernel logs
- Serial port subsystem crashes
Network Indicators:
- Serial console disconnections
- System reboots without clear cause
SIEM Query:
source="kernel" AND ("NULL pointer" OR "uart_shutdown" OR "kernel panic")
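The workaround check and the log indicators above, combined into one POSIX shell script. This is an added example, not part of the advisory or the kernel project; it assumes GNU coreutils stty (the -F option) and the device globs, and the sample kernel log lines are constructed.

```shell
#!/bin/sh
# Added example (not from the advisory): audit serial ports for the HUPCL
# precondition named in the workaround, and count the advisory's log
# indicators. Device globs and the sample log lines are constructed.

# hupcl_state: read `stty -a` output on stdin; print "on" when HUPCL is set,
# "off" when it is negated (-hupcl), "unknown" when the flag does not appear.
hupcl_state() {
    flags=" $(tr '\n' ' ') "
    case "$flags" in
        *" -hupcl "*) echo off ;;
        *" hupcl "*)  echo on ;;
        *)            echo unknown ;;
    esac
}

# audit_serial_ports: print "<device> <state>" for each present serial tty.
# stty failures (no permission, no hardware behind the node) are reported as
# "error" so the audit never silently skips a port. Assumes GNU stty (-F).
audit_serial_ports() {
    for dev in /dev/ttyS* /dev/ttyUSB* /dev/ttyAMA*; do
        [ -c "$dev" ] || continue
        if out=$(stty -a -F "$dev" 2>/dev/null); then
            printf '%s %s\n' "$dev" "$(printf '%s\n' "$out" | hupcl_state)"
        else
            printf '%s error\n' "$dev"
        fi
    done
}

# count_indicators: read kernel log lines on stdin and print how many carry
# one of the advisory's indicator terms (the same terms as the SIEM query).
# grep -c exits 1 when the count is 0, which is not an error here.
count_indicators() {
    grep -ciE 'NULL pointer|uart_shutdown|kernel panic' || true
}

# Constructed kernel log sample: lines 2 and 3 carry indicators, 1 and 4 do not.
SAMPLE_LOG='kernel: ttyS0: serial port closed
kernel: BUG: kernel NULL pointer dereference, address: 0000000000000000
kernel: Call Trace: uart_shutdown+0x4a/0x120
kernel: usb 1-1: new full-speed USB device'

# Stand-alone run: audit live ports, then scan the constructed sample
# (replace the sample with `journalctl -k` or `dmesg` output on a real host).
if [ "${1:-}" = "--run" ]; then
    audit_serial_ports
    printf 'indicator lines in sample: %s\n' \
        "$(printf '%s\n' "$SAMPLE_LOG" | count_indicators)"
fi
```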
🔗 References
- https://git.kernel.org/stable/c/2fe399bb8efd0d325ab1138cf8e3ecf23a39e96d
- https://git.kernel.org/stable/c/399927f0f875b93f3d5a0336d382ba48b8671eb2
- https://git.kernel.org/stable/c/602babaa84d627923713acaf5f7e9a4369e77473
- https://git.kernel.org/stable/c/76ed24a34223bb2c6b6162e1d8389ec4e602a290
- https://git.kernel.org/stable/c/d7b5876a6e74cdf8468a478be6b23f2f5464ac7a
- https://git.kernel.org/stable/c/e418d91195d29d5f9c9685ff309b92b04b41dc40
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html