CVE-2024-50147
📋 TL;DR
A null pointer dereference vulnerability in the Linux kernel's mlx5 network driver allows local attackers to cause a kernel panic (denial of service) by triggering a health error before certain commands execute. This affects systems using Mellanox ConnectX network adapters with vulnerable kernel versions. The vulnerability requires local access to exploit.
💻 Affected Systems
- Linux kernel mlx5 network driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Local attacker causes kernel panic leading to system crash and denial of service, potentially disrupting critical network services.
Likely Case
System crash requiring reboot, causing temporary service disruption on affected servers.
If Mitigated
Minimal impact if proper access controls prevent local attackers from triggering the condition.
🎯 Exploit Status
Requires local access and ability to trigger health errors at specific timing. Not trivial to exploit reliably.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Multiple stable kernel versions with commits: 2feac1e562be0efc621a6722644a90f355d53473, d1606090bb294cecb7de3c4ed177f5aa0abd4c4e, d62b14045c6511a7b2d4948d1a83a4e592deeb05, d88564c79d1cedaf2655f12261eca0d2796bde4e
Vendor Advisory: https://git.kernel.org/stable/c/2feac1e562be0efc621a6722644a90f355d53473
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution. 2. For Debian systems, apply security updates per Debian LTS advisory. 3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Restrict local access
linuxLimit local user access to systems using mlx5 drivers to reduce attack surface.
🧯 If You Can't Patch
- Implement strict access controls to prevent unauthorized local users from accessing systems
- Monitor for kernel panic events and health errors in mlx5 driver logs
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if mlx5_core module is loaded: lsmod | grep mlx5_core && uname -rCheck Version:
uname -rVerify Fix Applied:
Verify kernel version is updated beyond patched commits and check dmesg for mlx5 errors after update.📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- mlx5_core error logs mentioning null-ptr-deref or trigger_completions
- Health error reports in system logs
Network Indicators:
- Sudden loss of network connectivity on affected interfaces
SIEM Query:
source="kernel" AND ("KASAN: null-ptr-deref" OR "mlx5_cmd_trigger_completions" OR "mlx5_fw_fatal_reporter")🔗 References
- https://git.kernel.org/stable/c/2feac1e562be0efc621a6722644a90f355d53473
- https://git.kernel.org/stable/c/d1606090bb294cecb7de3c4ed177f5aa0abd4c4e
- https://git.kernel.org/stable/c/d62b14045c6511a7b2d4948d1a83a4e592deeb05
- https://git.kernel.org/stable/c/d88564c79d1cedaf2655f12261eca0d2796bde4e
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
