CVE-2024-50059
📋 TL;DR
This is a use-after-free vulnerability in the Linux kernel's ntb_hw_switchtec driver caused by a race condition during module removal. It allows potential kernel memory corruption when the driver is unloaded while workqueue operations are still running. Systems using the switchtec NTB hardware with the affected kernel driver are vulnerable.
💻 Affected Systems
- Linux kernel with ntb_hw_switchtec driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic, system crash, or potential privilege escalation leading to full system compromise if an attacker can trigger the race condition and control the freed memory region.
Likely Case
System instability, kernel panic, or denial of service when the switchtec driver module is unloaded during normal operations.
If Mitigated
Minimal impact if the driver isn't loaded or the system doesn't use switchtec hardware, or if proper kernel hardening prevents exploitation.
🎯 Exploit Status
Exploitation requires local access and ability to load/unload kernel modules. The race condition makes reliable exploitation challenging.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel with commits 177925d9c8715a897bb79eca62628862213ba956, 3ae45be8492460a35b5aebf6acac1f1d32708946, 5126d8f5567f49b52e21fca320eaa97977055099, 92728fceefdaa2a0a3aae675f86193b006eeaa43, or b650189687822b705711f0567a65a164a314d8df
Vendor Advisory: https://git.kernel.org/stable/c/177925d9c8715a897bb79eca62628862213ba956
Restart Required: Yes
Instructions:
1. Update to a patched Linux kernel version from your distribution vendor.
2. Reboot the system to load the new kernel.
3. Verify the driver is using the patched code.
🔧 Temporary Workarounds
Prevent driver loading
Blacklist the ntb_hw_switchtec driver to prevent it from loading
echo 'blacklist ntb_hw_switchtec' >> /etc/modprobe.d/blacklist-ntb.conf
update-initramfs -u
reboot
Unload driver if not needed
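Remove the driver module if it's loaded but not required. The race described above is in the module-removal path, so on an unpatched kernel prefer the blacklist-and-reboot workaround where possible.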
rmmod ntb_hw_switchtec
🧯 If You Can't Patch
- Ensure the ntb_hw_switchtec driver is not loaded on systems without switchtec hardware
- Restrict module loading permissions to prevent unauthorized users from loading/unloading kernel modules
🔍 How to Verify
Check if Vulnerable:
Check whether the ntb_hw_switchtec module is loaded: lsmod | grep ntb_hw_switchtec. If it is loaded and the running kernel predates the fix commits, the system is vulnerable.
Check Version:
uname -r
Verify Fix Applied:
Confirm that the running kernel includes the fix commits, or verify that the driver is not loaded: lsmod | grep ntb_hw_switchtec should print nothing if the driver is blacklisted.
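An added example (not from the advisory or the kernel project) that turns the checks above into one classification and separates a blacklist line, which only stops autoloading, from an install override, which blocks every modprobe. It reads text in /proc/modules and modprobe --showconfig format and does not inspect the kernel version; the sample inputs and verdict names are constructed for illustration.

```shell
#!/bin/sh
# Classify exposure of a host to the ntb_hw_switchtec unload race.
# $1: text in /proc/modules format; $2: text in `modprobe --showconfig` format.
MOD=ntb_hw_switchtec

switchtec_exposure() {
    # The first field of each /proc/modules line is the module name.
    if printf '%s\n' "$1" | awk -v m="$MOD" '$1 == m { f = 1 } END { exit !f }'; then
        echo loaded
        return 0
    fi
    # "install <mod> /bin/false" (or /bin/true) replaces the load with a no-op command.
    if printf '%s\n' "$2" | awk -v m="$MOD" \
        '$1 == "install" && $2 == m && $3 ~ /\/(false|true)$/ { f = 1 } END { exit !f }'; then
        echo blocked
    # "blacklist <mod>" only stops alias-based autoloading; an explicit
    # modprobe of the module by root still loads the driver.
    elif printf '%s\n' "$2" | awk -v m="$MOD" \
        '$1 == "blacklist" && $2 == m { f = 1 } END { exit !f }'; then
        echo autoload-blocked
    else
        echo loadable
    fi
}

# Constructed sample inputs (not captured from a real host).
SAMPLE_MODULES='ntb_hw_switchtec 45056 0 - Live 0x0000000000000000
switchtec 36864 1 ntb_hw_switchtec, Live 0x0000000000000000
ntb 24576 1 ntb_hw_switchtec, Live 0x0000000000000000'
SAMPLE_BLACKLIST='blacklist ntb_hw_switchtec'
SAMPLE_INSTALL='blacklist ntb_hw_switchtec
install ntb_hw_switchtec /bin/false'

switchtec_exposure "$SAMPLE_MODULES" "$SAMPLE_INSTALL"   # module already loaded
switchtec_exposure "" "$SAMPLE_BLACKLIST"                # blacklist line only
switchtec_exposure "" "$SAMPLE_INSTALL"                  # install override present

# On a live host:
# switchtec_exposure "$(cat /proc/modules)" "$(modprobe --showconfig 2>/dev/null)"
```

A result of loaded means the blacklist has not taken effect for the running system, because configuration changes do not remove a module that is already resident.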
📡 Detection & Monitoring
Log Indicators:
- Kernel oops messages related to ntb_hw_switchtec
- System crashes or panics during driver module unloading
- dmesg entries showing use-after-free errors
SIEM Query:
source="kernel" AND ("ntb_hw_switchtec" OR "use-after-free" OR "general protection fault")
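The query above matches any use-after-free or general protection fault on the host, whether or not this driver is involved. The added example below (not from the advisory or the kernel project) groups log lines into crash reports and grades each by whether a symbol is attributed to ntb_hw_switchtec; the log lines, the verdict names and the 40-line window are constructed assumptions.

```shell
#!/bin/sh
# Triage crash reports in a kernel log for involvement of ntb_hw_switchtec.
# Reads log text on stdin; prints one "<verdict>: <report header>" per report.
triage_switchtec_reports() {
    awk -v mod="ntb_hw_switchtec" -v window=40 '
    function emit() {
        if (hdr != "") print verdict ": " hdr
        hdr = ""
    }
    # A report starts at a crash signature named in the SIEM query.
    /BUG: KASAN: .*use-after-free/ || /general protection fault/ {
        emit()
        hdr = substr($0, match($0, /BUG: KASAN|general protection fault/))
        start = NR
        verdict = "unrelated"
    }
    # Inspect the header and the following lines of the same report.
    hdr != "" && NR - start <= window {
        if (index($0, "[" mod "]")) {
            verdict = "driver-frame"        # symbol attributed to the module
        } else if (verdict == "unrelated" && $0 ~ /Modules linked in:/ && index($0, mod)) {
            verdict = "module-loaded"       # driver present, not implicated
        }
    }
    END { emit() }'
}

# Constructed sample log (not from a real system).
SAMPLE_LOG='[  812.100001] BUG: KASAN: slab-use-after-free in check_link_status_work+0x2c/0x1a0 [ntb_hw_switchtec]
[  812.100009] Workqueue: events check_link_status_work [ntb_hw_switchtec]
[  812.100031] Modules linked in: ntb_hw_switchtec switchtec ntb
[  955.420001] general protection fault, probably for non-canonical address 0xdead000000000100: 0000 [#1] SMP
[  955.420017] RIP: 0010:kmem_cache_alloc+0x5d/0x220
[  955.420040] Modules linked in: ntb_hw_switchtec switchtec ntb
[  990.000001] general protection fault, probably for non-canonical address 0xdead000000000100: 0000 [#2] SMP
[  990.000020] Modules linked in: ext4 nvme'

printf '%s\n' "$SAMPLE_LOG" | triage_switchtec_reports
# On a live host: dmesg | triage_switchtec_reports   (or journalctl -k)
```

Only driver-frame reports warrant an alert tied to this CVE; module-loaded reports are worth correlating with a module unload around the same time.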
🔗 References
- https://git.kernel.org/stable/c/177925d9c8715a897bb79eca62628862213ba956
- https://git.kernel.org/stable/c/3ae45be8492460a35b5aebf6acac1f1d32708946
- https://git.kernel.org/stable/c/5126d8f5567f49b52e21fca320eaa97977055099
- https://git.kernel.org/stable/c/92728fceefdaa2a0a3aae675f86193b006eeaa43
- https://git.kernel.org/stable/c/b650189687822b705711f0567a65a164a314d8df
- https://git.kernel.org/stable/c/e51aded92d42784313ba16c12f4f88cc4f973bbb
- https://git.kernel.org/stable/c/fa840ba4bd9f3bad7f104e5b32028ee73af8b3dd
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html