CVE-2024-56587
📋 TL;DR
A race condition vulnerability in the Linux kernel's LED subsystem allows concurrent access to LED device structures during initialization, potentially causing a kernel NULL pointer dereference. This affects Linux systems with LED devices (like game controllers) and can lead to system crashes or instability. The vulnerability requires local access to trigger.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially causing data loss or service disruption.
Likely Case
System instability or crash when LED devices are being initialized while brightness attributes are being read.
If Mitigated
Minor performance impact due to additional mutex locking in LED subsystem operations.
🎯 Exploit Status
Exploitation requires local access and specific timing conditions between two concurrent processes.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits: 4ca7cd938725a4050dcd62ae9472e931d603118d, 50d9f68e4adf86901cbab1bd5b91f710aa9141b9, 84b42d5b5fcd767c9b7f30b0b32065ed949fe804, b8283d52ed15c02bb2eb9b1b8644dcc34f8e98f1, bb4a6236a430cfc3713f470f3a969f39d6d4ca25
Vendor Advisory: https://git.kernel.org/stable/c/4ca7cd938725a4050dcd62ae9472e931d603118d
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits. 2. For distributions: Use package manager (apt/yum/dnf) to update kernel package. 3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable LED device access
linuxPrevent access to LED brightness attributes via sysfs for vulnerable devices.
chmod 000 /sys/class/leds/*/brightness
chmod 000 /sys/class/leds/*/max_brightness
🧯 If You Can't Patch
- Restrict local user access to systems with LED devices
- Monitor system logs for kernel NULL pointer dereference errors related to LED subsystem
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if LED devices are present: ls /sys/class/leds/Check Version:
uname -rVerify Fix Applied:
Verify kernel version includes fix commits: grep -r 'brightness_show' /usr/src/linux/drivers/leds/led-class.c | grep mutex📡 Detection & Monitoring
Log Indicators:
- Kernel logs showing 'Unable to handle kernel NULL pointer dereference' with LED-related functions
- Call traces including brightness_show, dualshock4_led_get_brightness, or led_update_brightness
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND "NULL pointer dereference" AND ("brightness_show" OR "led_update_brightness")🔗 References
- https://git.kernel.org/stable/c/4ca7cd938725a4050dcd62ae9472e931d603118d
- https://git.kernel.org/stable/c/50d9f68e4adf86901cbab1bd5b91f710aa9141b9
- https://git.kernel.org/stable/c/84b42d5b5fcd767c9b7f30b0b32065ed949fe804
- https://git.kernel.org/stable/c/b8283d52ed15c02bb2eb9b1b8644dcc34f8e98f1
- https://git.kernel.org/stable/c/bb4a6236a430cfc3713f470f3a969f39d6d4ca25
- https://git.kernel.org/stable/c/ddcfc5708da9972ac23a9121b3d819b0a53d6f21
- https://git.kernel.org/stable/c/f6d6fb563e4be245a17bc4261a4b294e8bf8a31e
- https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
