CVE-2024-53168
📋 TL;DR
This is a use-after-free vulnerability in the Linux kernel's sunrpc module affecting TCP sockets used by NFS. It allows attackers with local access to potentially cause kernel memory corruption, leading to system crashes or privilege escalation. Systems using NFS with TCP transport are affected.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to denial of service, or potential privilege escalation to root via kernel memory corruption.
Likely Case
System crash or kernel panic when network namespace deletion coincides with NFS TCP connection cleanup.
If Mitigated
No impact if NFS is not used or if UDP transport is used instead of TCP.
🎯 Exploit Status
Reproduction script provided in CVE details. Requires local access and specific NFS/netns configuration. Timing-dependent exploitation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions with fixes from the referenced commits
Vendor Advisory: https://git.kernel.org/stable/c/0ca87e5063757132a044d35baba40a7d4bb25394
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix. 2. Check your distribution's security advisories. 3. Reboot system after kernel update.
🔧 Temporary Workarounds
Disable NFS TCP transport
linuxUse NFS with UDP transport instead of TCP to avoid the vulnerable code path
mount -t nfs -o proto=udp,vers=4.1 <server>:<share> <mountpoint>
Avoid network namespace operations with NFS
linuxPrevent deletion of network namespaces while NFS TCP connections are active
🧯 If You Can't Patch
- Restrict NFS access to trusted users only
- Monitor for kernel panic logs and investigate NFS/netns operations
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if NFS with TCP is in use: uname -r and check /proc/mounts for nfs mounts with tcp optionCheck Version:
uname -rVerify Fix Applied:
Verify kernel version is updated beyond vulnerable versions and test NFS TCP operations with network namespaces📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- KASAN reports of use-after-free in tcp_write_timer_handler
- NFS connection errors during netns operations
Network Indicators:
- Abnormal TCP retransmissions on NFS ports
- FIN packets being dropped in NFS connections
SIEM Query:
search 'KASAN: slab-use-after-free in tcp_write_timer_handler' OR 'kernel panic' AND 'nfs'