CVE-2024-50261
📋 TL;DR
This CVE describes a use-after-free vulnerability in the Linux kernel's MACsec implementation. When MACsec offloading is enabled, the kernel can attempt to use freed memory while transmitting packets, potentially leading to system crashes or arbitrary code execution. Systems using MACsec with hardware offloading (particularly with mlx5 drivers) are affected.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic, system crash, or potential arbitrary code execution with kernel privileges leading to complete system compromise.
Likely Case
System instability, kernel panics, or denial of service due to memory corruption when MACsec offloading is active.
If Mitigated
Minimal impact if MACsec offloading is disabled or systems are not using affected network drivers.
🎯 Exploit Status
Exploitation requires local access or ability to trigger specific network conditions with MACsec offloading. Race condition makes reliable exploitation challenging.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patches available in stable kernel branches (commits: 4614640f1d5c93c22272117dc256e9940ccac8e8, 872932cf75cf859804370a265dd58118129386fa, 9f5ae743dbe9a2458540a7d35fff0f990df025cf, f1e54d11b210b53d418ff1476c6b58a2f434dfc0)
Vendor Advisory: https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution.
2. For Debian systems: apt update && apt upgrade linux-image-*.
3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable MACsec offloading
Prevent use of hardware offloading for MACsec to avoid the vulnerable code path (Linux):
ethtool -K <interface> macsec-hw-offload off
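To confirm the workaround took effect on every interface, the feature line in `ethtool -k` output can be classified as below. This is an added example, not part of the original advisory; the function names and the sample `ethtool -k` excerpts are constructed for illustration.

```shell
#!/bin/sh
# Classify the macsec-hw-offload line of `ethtool -k <iface>` output (stdin).
# Prints one of: on | off | on-fixed | off-fixed | absent
classify_macsec_offload() {
  awk '
    $1 == "macsec-hw-offload:" {
      state = $2
      # "[fixed]" means the driver does not allow ethtool -K to change it.
      if ($3 == "[fixed]") state = state "-fixed"
      print state; found = 1; exit
    }
    END { if (!found) print "absent" }
  '
}

# List interfaces where MACsec hardware offload is still enabled.
# Needs ethtool installed; run on the host being checked.
audit_macsec_offload() {
  for path in /sys/class/net/*; do
    iface=${path##*/}
    state=$(ethtool -k "$iface" 2>/dev/null | classify_macsec_offload)
    case $state in
      on)       echo "$iface: offload on; run: ethtool -K $iface macsec-hw-offload off" ;;
      on-fixed) echo "$iface: offload on and fixed by the driver; ethtool -K cannot change it" ;;
    esac
  done
}

# Constructed ethtool -k excerpts (not captured from a real host).
sample_on()    { printf 'Features for eth0:\nrx-checksumming: on\nmacsec-hw-offload: on\n'; }
sample_fixed() { printf 'Features for eth1:\nmacsec-hw-offload: off [fixed]\n'; }

sample_on | classify_macsec_offload
sample_fixed | classify_macsec_offload
```

Call `audit_macsec_offload` on the host; no output means no interface reports the feature as enabled.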
🧯 If You Can't Patch
- Disable MACsec entirely on affected interfaces
- Restrict network access to systems using MACsec offloading
🔍 How to Verify
Check if Vulnerable:
Check kernel version and MACsec configuration. Systems with MACsec offloading enabled on vulnerable kernel versions are at risk.
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version is updated to include the fix commits, and check that MACsec functionality works without crashes.
📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs
- KASAN reports of use-after-free in mlx5e_xmit or macsec functions
- System crash dumps
Network Indicators:
- Unexpected network interface resets on MACsec-enabled interfaces
- Increased packet loss on MACsec tunnels
SIEM Query:
Search for kernel logs containing 'KASAN: slab-use-after-free' or 'macsec' with crash indicators
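The log search described above can be written as a filter over kernel log text. This is an added example, not a query from the original advisory; the function names and the sample log lines (addresses, offsets and the `example_*` symbols) are constructed. It also checks the call trace, not only the report header, and handles a report cut short by a crash.

```shell
#!/bin/sh
# Print the header of every KASAN slab-use-after-free report whose header or
# call trace mentions mlx5e_xmit or a macsec function. Kernel log on stdin.
scan_macsec_uaf() {
  awk '
    # A report starts at its "BUG: KASAN: ..." header line.
    /KASAN: slab-use-after-free/ {
      in_report = 1; header = $0
      hit = ($0 ~ /mlx5e_xmit|macsec/)
      next
    }
    # KASAN closes each report with a row of "=" characters.
    in_report && /==========/ {
      if (hit) print header
      in_report = 0
      next
    }
    in_report && /mlx5e_xmit|macsec/ { hit = 1 }
    # Log truncated mid-report (e.g. the host panicked): still report it.
    END { if (in_report && hit) print header }
  '
}

# Constructed sample log (not captured from a real system).
sample_log() {
  cat <<'EOF'
[  101.000001] ==================================================================
[  101.000002] BUG: KASAN: slab-use-after-free in mlx5e_xmit+0x0/0x0 [mlx5_core]
[  101.000003] Read of size 4 at addr ffff888000000000 by task ping/1234
[  101.000004] ==================================================================
[  202.000001] ==================================================================
[  202.000002] BUG: KASAN: slab-use-after-free in example_unrelated_fn+0x0/0x0
[  202.000003] Call Trace:
[  202.000004]  example_caller+0x0/0x0
[  202.000005] ==================================================================
[  303.000001] ==================================================================
[  303.000002] BUG: KASAN: slab-use-after-free in example_driver_xmit+0x0/0x0
[  303.000003] Call Trace:
[  303.000004]  macsec_start_xmit+0x0/0x0
EOF
}

sample_log | scan_macsec_uaf
```

On a live host the same filter can be fed from `dmesg` or `journalctl -k`; KASAN reports only appear on kernels built with KASAN enabled.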
🔗 References
- https://git.kernel.org/stable/c/4614640f1d5c93c22272117dc256e9940ccac8e8
- https://git.kernel.org/stable/c/872932cf75cf859804370a265dd58118129386fa
- https://git.kernel.org/stable/c/9f5ae743dbe9a2458540a7d35fff0f990df025cf
- https://git.kernel.org/stable/c/f1e54d11b210b53d418ff1476c6b58a2f434dfc0
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html