CVE-2024-53226
📋 TL;DR
A NULL pointer dereference vulnerability in the Linux kernel's RDMA/hns driver allows local attackers to cause a kernel panic (denial of service) by triggering the hns_roce_map_mr_sg() function with a NULL sg_offset argument. This affects systems using Huawei's HiSilicon RoCE (RDMA over Converged Ethernet) hardware with the vulnerable driver. Only local users with appropriate permissions can exploit this vulnerability.
💻 Affected Systems
- Linux kernel with hns RDMA driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Local attacker causes kernel panic leading to system crash and denial of service, potentially disrupting critical services.
Likely Case
Local user or misconfigured application triggers kernel panic, causing system instability or crash requiring reboot.
If Mitigated
System remains stable as proper input validation prevents NULL pointer dereference.
🎯 Exploit Status
Exploitation requires local access and ability to trigger the vulnerable RDMA function. No public exploits known at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patches available in Linux kernel stable trees (commits: 35f5b68f63aac61d30ce0b0c6beb09b8845a3e65, 52617e76f4963644db71dc0a17e998654dc0c7f4, 6b0d7d6e6883d0ec70cd7b5a02c47c003d5defe7, 6b526d17eed850352d880b93b9bf20b93006bd92, 71becb0e9df78a8d43dfd0efcef18c830a0af477)
Vendor Advisory: https://git.kernel.org/stable/c/35f5b68f63aac61d30ce0b0c6beb09b8845a3e65
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix.
2. Check if hns driver is loaded (lsmod | grep hns).
3. Reboot system to load patched kernel.
🔧 Temporary Workarounds
Unload hns RDMA driver
Temporarily disable the vulnerable driver if RDMA functionality is not required
sudo modprobe -r hns_roce
sudo modprobe -r hns
Blacklist hns driver
Prevent driver from loading at boot
echo 'blacklist hns_roce' | sudo tee /etc/modprobe.d/blacklist-hns.conf
echo 'blacklist hns' | sudo tee -a /etc/modprobe.d/blacklist-hns.conf
🧯 If You Can't Patch
- Restrict local user access to systems with affected hardware
- Implement strict access controls and monitor for suspicious RDMA operations
🔍 How to Verify
Check if Vulnerable:
Check if hns driver is loaded: lsmod | grep -E 'hns|hns_roce'. Check kernel version: uname -r and compare with patched versions.
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version is updated and hns driver version includes the NULL pointer check. Check dmesg for any recent kernel panics related to hns_roce_map_mr_sg().
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages in dmesg or /var/log/kern.log containing 'hns_roce_map_mr_sg' or 'NULL pointer dereference'
- System crash/reboot events
Network Indicators:
- Unusual RDMA traffic patterns if monitoring RDMA networks
SIEM Query:
source="kernel" AND ("hns_roce_map_mr_sg" OR "NULL pointer" OR "kernel panic")
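The query above matches any NULL-pointer oops on the host. As an added example (not part of the original advisory), the filter below counts only oops blocks that both open with a NULL-dereference header and name hns_roce_map_mr_sg before the block ends. The log lines, offsets and the other function name are constructed sample input.

```shell
#!/bin/sh
# Constructed sample kernel log (not captured from a real system).
sample_log() {
    cat <<'EOF'
kernel: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
kernel: pc : hns_roce_map_mr_sg+0x34/0x1a0
kernel: Call trace:
kernel:  hns_roce_map_mr_sg+0x34/0x1a0
kernel:  ib_map_mr_sg+0x48/0x70
kernel: ---[ end trace 0000000000000000 ]---
kernel: kprobe registered at hns_roce_map_mr_sg+0x0
kernel: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010
kernel: pc : example_other_driver_fn+0x10/0x80
kernel: ---[ end trace 0000000000000000 ]---
EOF
}

# Count oops blocks that start with a NULL-dereference header (arm64 or
# x86 wording) and mention hns_roce_map_mr_sg before the end-trace marker.
# Reads the files given as arguments, or stdin when none are given.
hns_oops_count() {
    awk '
        /Unable to handle kernel NULL pointer dereference|BUG: kernel NULL pointer dereference/ {
            in_oops = 1; hit = 0; next
        }
        in_oops && /hns_roce_map_mr_sg/ { hit = 1 }
        in_oops && /---\[ end trace/ {
            if (hit) n++
            in_oops = 0; hit = 0
        }
        # A log cut off by the crash may have no end-trace line.
        END { if (in_oops && hit) n++; print n + 0 }
    ' "$@"
}

# Live use: journalctl -k --no-pager | hns_oops_count
sample_log | hns_oops_count   # prints 1
```

A non-zero count is a stronger signal than the broad query because the unrelated oops and the stray mention of the function name in the sample are both ignored.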
🔗 References
- https://git.kernel.org/stable/c/35f5b68f63aac61d30ce0b0c6beb09b8845a3e65
- https://git.kernel.org/stable/c/52617e76f4963644db71dc0a17e998654dc0c7f4
- https://git.kernel.org/stable/c/6b0d7d6e6883d0ec70cd7b5a02c47c003d5defe7
- https://git.kernel.org/stable/c/6b526d17eed850352d880b93b9bf20b93006bd92
- https://git.kernel.org/stable/c/71becb0e9df78a8d43dfd0efcef18c830a0af477
- https://git.kernel.org/stable/c/8c269bb2cc666ca580271e1a8136c63ac9162e1e
- https://git.kernel.org/stable/c/bd715e191d444992d6ed124f15856da5c1cae2de
- https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html