CVE-2024-56644
📋 TL;DR
This CVE describes a memory leak in the Linux kernel's IPv6 networking stack. A socket caches the route it last used; when that cached route is an entry from the IPv6 route exception table (the per-destination PMTU exception created after the host accepts an ICMPv6 Packet Too Big message) and the entry has expired, the kernel leaks a reference to the cached dst object on the route re-evaluation path TCP takes after repeated retransmission timeouts (dst_negative_advice). The leaked dst object is never freed, so affected hosts leak kernel memory over time, and a leaked object keeps its network namespace's devices from being unregistered, so namespace teardown (for example when a container exits) can hang with the warning 'unregister_netdevice: waiting for lo to become free'.
💻 Affected Systems
- Linux Kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Sustained triggering leaks unreclaimable kernel memory until allocation failures cause instability or denial of service; in addition, leaked dst objects keep network namespaces from being torn down, so container or namespace cleanup hangs.
Likely Case
Gradual memory leak on hosts that accept ICMPv6 Packet Too Big messages on long-lived IPv6 TCP connections, showing up as slow growth of the IPv6 dst cache and occasional stuck namespace teardown rather than an outright crash.
If Mitigated
Limited impact with proper monitoring and memory limits in place, though every trigger is still a permanent leak until the next reboot.
🎯 Exploit Status
Triggering the leak needs three things to line up: an accepted ICMPv6 Packet Too Big message that creates a cached PMTU exception route, an IPv6 TCP socket that still holds that route after the exception expires, and a subsequent route re-evaluation on that socket. An on-path or spoofing attacker can supply the Packet Too Big messages, but each trigger leaks a single small object, so this is a slow resource-exhaustion vector rather than a reliably exploitable bug.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 0b8903e6c881f72c6849d4952de742c656eb5ab9, 3301ab7d5aeb0fe270f73a3d4810c9d1b6a9f045, 535add1e9f274502209cb997801208bbe1ae6c6f, 8b591bd522b71c42a82898290e35d32b482047e4, a95808252e8acc0123bacd2dff8b9af10bc145b7
Vendor Advisory: https://git.kernel.org/stable/c/0b8903e6c881f72c6849d4952de742c656eb5ab9
Restart Required: Yes
Instructions:
1. Update to a kernel version containing the fix commits.
2. Check your distribution's security advisories for backported patches.
3. Reboot the system after the kernel update.
🔧 Temporary Workarounds
Disable IPv6
Linux. Disabling IPv6 removes the vulnerable code path entirely, but it is a drastic change: dual-stack services, IPv6-only peers and container networking that relies on IPv6 stop working. Use it only on hosts that do not need IPv6. The sysctl below applies to existing interfaces (all) and to interfaces created later (default); sysctl -p reloads /etc/sysctl.conf so the change takes effect immediately and survives reboot.
echo 'net.ipv6.conf.all.disable_ipv6 = 1' >> /etc/sysctl.conf
echo 'net.ipv6.conf.default.disable_ipv6 = 1' >> /etc/sysctl.conf
sysctl -p
Rate limit ICMPv6 Packet Too Big messages
Linux. Each accepted Packet Too Big message can create the cached PMTU exception route the leak depends on; rate limiting lowers how often that happens but does not eliminate the leak. IPv6 rules must be installed with ip6tables (or nft), not iptables, and the limit rule must come before any existing rule that accepts all ICMPv6, hence -I rather than -A. Keep the ACCEPT rule: IPv6 routers never fragment, so dropping every Packet Too Big message breaks path-MTU discovery and black-holes large packets.
ip6tables -I INPUT 1 -p icmpv6 --icmpv6-type packet-too-big -m limit --limit 10/minute --limit-burst 20 -j ACCEPT
ip6tables -I INPUT 2 -p icmpv6 --icmpv6-type packet-too-big -j DROP
🧯 If You Can't Patch
- Monitor kernel logs for 'unregister_netdevice: waiting for lo to become free' (emitted repeatedly while a network namespace cannot be torn down because a leaked dst still references its devices) and watch the active object count of the ip6_dst_cache slab in /proc/slabinfo for growth that never recovers after connections close.
- Avoid long-lived idle IPv6 TCP connections where you can (shorter idle or keepalive timeouts at the application or load balancer), so that sockets are less likely to still hold a cached PMTU exception after it expires. This narrows the window but does not close it.
🔍 How to Verify
Check if Vulnerable:
Fix commits are not recorded in /proc/version, so grepping it for commit hashes proves nothing. Compare the running kernel against your distribution's security advisory for CVE-2024-56644 (the Debian LTS announcements in the references name the fixed package versions), or, for a self-built kernel, check the source tree it was built from.
Check Version:
uname -r
Verify Fix Applied:
Distribution kernel: confirm the installed kernel package version is at or above the one named in the advisory, for example on Debian with dpkg -l "linux-image-$(uname -r)", or on RPM systems with rpm -q --changelog kernel-core | grep CVE-2024-56644 (only works where the distribution records CVE identifiers in its changelog).
Self-built kernel: in the source tree used for the running kernel, check that the fix commit for the stable branch you track is an ancestor of the built revision, e.g. git merge-base --is-ancestor 3301ab7d5aeb0fe270f73a3d4810c9d1b6a9f045 HEAD && echo fixed. Only the commit belonging to your branch will match, so try the other listed hashes if this one is not found.
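The checks above put together as one script, as an added example (not code from this page or from the kernel project). It tries every fix commit listed on this page against a source tree and compares an upstream-style kernel version against a fixed version. The fixed version is not stated on this page; the script assumes you take it from your distribution's advisory and pass it in the hypothetical FIXED_VERSION variable, with KERNEL_SRC (also hypothetical) pointing at a self-built kernel's git tree.

```shell
#!/bin/sh
# Added example for CVE-2024-56644 verification; not from the advisory page or
# the kernel tree. FIXED_VERSION and KERNEL_SRC are assumed inputs supplied by
# the operator (the fixed version comes from your distribution's advisory).

# Stable/mainline fix commits listed in the advisory's references.
FIX_COMMITS='0b8903e6c881f72c6849d4952de742c656eb5ab9
3301ab7d5aeb0fe270f73a3d4810c9d1b6a9f045
535add1e9f274502209cb997801208bbe1ae6c6f
8b591bd522b71c42a82898290e35d32b482047e4
a95808252e8acc0123bacd2dff8b9af10bc145b7
b90d061345bb8cd51fece561a800bae1c95448a6
f43d12fd0fa8ee5b9caf8a3927e10d06431764d2'

# Self-built kernel: succeed if any fix commit is an ancestor of the tree's HEAD.
# Only the commit from the branch the tree tracks will match, so try them all.
tree_has_fix() {
    tree=$1
    for c in $FIX_COMMITS; do
        if git -C "$tree" merge-base --is-ancestor "$c" HEAD 2>/dev/null; then
            printf 'fix commit %s is in %s\n' "$c" "$tree"
            return 0
        fi
    done
    return 1
}

# "6.6.70-1-amd64" -> "6.6.70": drop the distro/local suffix after the first - or +.
upstream_version() {
    printf '%s\n' "$1" | sed 's/[-+].*$//'
}

# version_ge A B: true when A >= B comparing dotted numeric components
# (missing components count as 0, non-digits are ignored).
version_ge() {
    a=$1
    b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        ha=${a%%.*}
        hb=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a='' ;; esac
        case $b in *.*) b=${b#*.} ;; *) b='' ;; esac
        x=$(printf '%s' "$ha" | tr -dc '0-9')
        y=$(printf '%s' "$hb" | tr -dc '0-9')
        x=${x:-0}
        y=${y:-0}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0
}

# kernel_is_fixed RUNNING FIXED: true when the upstream part of RUNNING >= FIXED.
# Meaningful for upstream-versioned kernels only: distribution kernels keep the
# upstream version string (e.g. Debian's 6.1.0-NN) while backporting fixes in
# the package revision, so compare package versions against the advisory there.
kernel_is_fixed() {
    version_ge "$(upstream_version "$1")" "$2"
}

main() {
    running=$(uname -r)
    printf 'running kernel: %s\n' "$running"
    if [ -n "${KERNEL_SRC:-}" ]; then
        tree_has_fix "$KERNEL_SRC" || printf 'no fix commit found in %s\n' "$KERNEL_SRC"
    fi
    if [ -n "${FIXED_VERSION:-}" ]; then
        if kernel_is_fixed "$running" "$FIXED_VERSION"; then
            printf 'version %s >= fixed %s\n' "$running" "$FIXED_VERSION"
        else
            printf 'version %s < fixed %s: vulnerable unless backported\n' "$running" "$FIXED_VERSION"
        fi
    fi
}

main
```

Run it as FIXED_VERSION=<from advisory> KERNEL_SRC=/path/to/linux sh check.sh. A distribution kernel that reports a version below FIXED_VERSION is not necessarily vulnerable; for those, the package version named in the advisory is the authoritative comparison.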
📡 Detection & Monitoring
Log Indicators:
- Kernel messages containing 'unregister_netdevice: waiting for lo to become free. Usage count = 2', repeated periodically while a network namespace (for example an exited container) cannot be torn down
- A steadily rising active object count for ip6_dst_cache in /proc/slabinfo (or slabtop) that does not fall when connections close; overall growth in /proc/meminfo is a late and ambiguous signal
Network Indicators:
- Unusual volume of inbound ICMPv6 Packet Too Big messages; ip -6 route show cache lists the PMTU exception routes they create, with their expiry and MTU
- TCP retransmission timeouts on long-lived IPv6 connections in network logs
SIEM Query:
source="kernel" AND "unregister_netdevice: waiting for lo to become free"
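The two host-side indicators above as detection logic, as an added example (not code from this page or from the kernel project). The kernel log lines and slabinfo rows are constructed samples, not captured output, so the script runs offline; in production feed it journalctl -k or dmesg output and two /proc/slabinfo snapshots taken an interval apart. The growth threshold is an assumed value to be calibrated against a baseline on your host.

```shell
#!/bin/sh
# Added example for CVE-2024-56644 detection; not from the advisory page or the
# kernel tree. All input below is constructed sample data.

# Constructed kernel log excerpt (format mimics journalctl -k output).
SAMPLE_KLOG='Mar 03 10:14:02 host kernel: unregister_netdevice: waiting for lo to become free. Usage count = 2
Mar 03 10:14:12 host kernel: unregister_netdevice: waiting for lo to become free. Usage count = 2
Mar 03 10:14:13 host kernel: eth0: link becomes ready'

# Constructed /proc/slabinfo rows for the IPv6 dst cache, taken one interval apart.
# Field layout follows the slabinfo 2.1 header: name active_objs num_objs objsize ...
SLAB_BEFORE='ip6_dst_cache       1200   1248    256   16    1 : tunables    0    0    0 : slabdata     78     78      0'
SLAB_AFTER='ip6_dst_cache       9816   9840    256   16    1 : tunables    0    0    0 : slabdata    615    615      0'

# Count kernel log lines (stdin) carrying the stuck-netns-teardown warning.
# grep -c exits 1 when the count is 0, which is not an error here.
count_stuck_lo_warnings() {
    grep -c 'unregister_netdevice: waiting for lo to become free' || true
}

# Print active_objs of ip6_dst_cache from slabinfo text on stdin (0 if the row is absent).
ip6_dst_active() {
    awk '$1 == "ip6_dst_cache" { print $2; found = 1 } END { if (!found) print 0 }'
}

# Exit 0 (alert) when active ip6_dst_cache objects grew by more than THRESHOLD
# (assumed default 5000) between two snapshots. Legitimate traffic also grows
# this cache, so calibrate the threshold from a baseline and require the growth
# to persist after connections close before treating it as the leak.
dst_growth_alert() {
    before=$1
    after=$2
    threshold=${3:-5000}
    [ $((after - before)) -gt "$threshold" ]
}

main() {
    warnings=$(printf '%s\n' "$SAMPLE_KLOG" | count_stuck_lo_warnings)
    before=$(printf '%s\n' "$SLAB_BEFORE" | ip6_dst_active)
    after=$(printf '%s\n' "$SLAB_AFTER" | ip6_dst_active)

    printf 'stuck "lo" teardown warnings: %s\n' "$warnings"
    printf 'ip6_dst_cache active objects: %s -> %s\n' "$before" "$after"
    if [ "$warnings" -gt 0 ] || dst_growth_alert "$before" "$after" 5000; then
        printf 'ALERT: indicators consistent with the CVE-2024-56644 dst leak\n'
    else
        printf 'no indicators found\n'
    fi
}

main
```

On a live host the same functions take real input: journalctl -k | count_stuck_lo_warnings and ip6_dst_active < /proc/slabinfo (root is needed to read slabinfo). Neither indicator alone is conclusive; the warning also appears for other device reference leaks, and the slab count rises with connection volume, so alert on growth that outlives the connections that caused it.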
🔗 References
- https://git.kernel.org/stable/c/0b8903e6c881f72c6849d4952de742c656eb5ab9
- https://git.kernel.org/stable/c/3301ab7d5aeb0fe270f73a3d4810c9d1b6a9f045
- https://git.kernel.org/stable/c/535add1e9f274502209cb997801208bbe1ae6c6f
- https://git.kernel.org/stable/c/8b591bd522b71c42a82898290e35d32b482047e4
- https://git.kernel.org/stable/c/a95808252e8acc0123bacd2dff8b9af10bc145b7
- https://git.kernel.org/stable/c/b90d061345bb8cd51fece561a800bae1c95448a6
- https://git.kernel.org/stable/c/f43d12fd0fa8ee5b9caf8a3927e10d06431764d2
- https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html