CVE-2024-50297
📋 TL;DR
A race condition in the Xilinx AXI Ethernet driver in the Linux kernel causes a kernel panic when transmitting network packets under high load. This vulnerability affects systems using Xilinx AXI Ethernet hardware with vulnerable kernel versions. The crash results in denial of service but does not allow arbitrary code execution.
💻 Affected Systems
- Linux kernel with Xilinx AXI Ethernet driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and complete denial of service, requiring physical or remote console access to reboot.
Likely Case
System crash during high network throughput operations like iperf stress tests or heavy data transfers, causing temporary service disruption.
If Mitigated
No impact if patched or if system doesn't use Xilinx AXI Ethernet hardware or doesn't experience high network load.
🎯 Exploit Status
Exploitation requires ability to generate high network traffic on affected hardware. This is a reliability bug rather than a security vulnerability that can be directly weaponized.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits 5ccdcdf186aec6b9111845fd37e1757e9b413e2f or def3dee25cbd1c9b2ed443c3f6180e952563de77
Vendor Advisory: https://git.kernel.org/stable/c/5ccdcdf186aec6b9111845fd37e1757e9b413e2f
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits.
2. Reboot system to load new kernel.
3. Verify the patch is applied by checking kernel version or commit history.
🔧 Temporary Workarounds
Limit network throughput
Linux: Reduce maximum network bandwidth to prevent high load conditions that trigger the race condition
tc qdisc add dev eth0 root tbf rate 100mbit burst 32kbit latency 400ms
Disable Xilinx AXI Ethernet interface
Linux: Temporarily disable the affected network interface if not critical
ip link set dev eth0 down
🧯 If You Can't Patch
- Avoid high network load on Xilinx AXI Ethernet interfaces
- Monitor systems for kernel panic logs and have reboot procedures ready
🔍 How to Verify
Check if Vulnerable:
Check if system uses Xilinx AXI Ethernet hardware and kernel version is before fix commits: dmesg | grep -i xilinx && uname -r
Check Version:
uname -r
Verify Fix Applied:
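Verify kernel version includes fix commits, from inside the git checkout of the source tree the running kernel was built from (a vendor or distribution backport carries a different hash, so no match does not prove the fix is absent): git log --oneline | grep -E '5ccdcdf|def3dee'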
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages containing 'dql_completed' or 'axienet_dma_tx_cb'
- System crash/reboot logs during high network activity
Network Indicators:
- Sudden network interface failure during high throughput transfers
SIEM Query:
event_source="kernel" AND (message CONTAINS "dql_completed" OR message CONTAINS "axienet_dma_tx_cb" OR message CONTAINS "kernel BUG at lib/dynamic_queue_limits.c")
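Added example (not part of the original advisory or the kernel project): a shell function that groups the log indicators above into crash reports and ranks each one, since dql_completed and the BUG line come from queue-limit code shared by many network drivers and only axienet_dma_tx_cb ties a crash to this driver. The grouping rules, the 60-line window, the function names and the sample log are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: group the page's log indicators into crash reports.
# The grouping rules and the sample log below are assumptions.

# classify_axienet_crashes [FILE...]  (reads stdin when no file is given)
# Prints "<confidence> line=<n>" per crash report:
#   high = axienet_dma_tx_cb appears in the report
#   low  = only the BUG line / dql_completed (BQL code shared by many NIC drivers)
classify_axienet_crashes() {
    awk '
        function emit() {
            if (start) printf "%s line=%d\n", (axienet ? "high" : "low"), start
            start = 0; axienet = 0
        }
        # Assumed bound: an oops report spans at most 60 log lines.
        start && NR - start > 60 { emit() }
        /kernel BUG at lib\/dynamic_queue_limits\.c/ { emit(); start = NR; next }
        /axienet_dma_tx_cb/ { if (!start) start = NR; axienet = 1; next }
        /dql_completed/     { if (!start) start = NR; next }
        /end trace/         { emit() }
        END                 { emit() }
    ' "$@"
}

# Constructed sample: one crash through the axienet TX callback, one through
# a made-up driver function (other_nic_tx_done) that should rank low.
write_sample_log() {
    cat > "$1" <<'EOF'
[  100.000001] eth0: Link is Up - 1Gbps/Full
[  512.100000] kernel BUG at lib/dynamic_queue_limits.c:99!
[  512.100020] pc : dql_completed+0x238/0x248
[  512.100040]  dql_completed+0x238/0x248
[  512.100050]  axienet_dma_tx_cb+0xa0/0x170
[  512.100060] ---[ end trace 0000000000000000 ]---
[  950.200000] kernel BUG at lib/dynamic_queue_limits.c:99!
[  950.200010] pc : dql_completed+0x238/0x248
[  950.200020]  other_nic_tx_done+0x44/0x90
[  950.200030] ---[ end trace 0000000000000000 ]---
EOF
}

if [ "$#" -gt 0 ]; then classify_axienet_crashes "$@"; fi
```

Feed it whatever captured the console at crash time (serial console log, pstore, netconsole), because a panicking kernel often cannot flush the oops to on-disk logs.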