CVE-2024-56650
📋 TL;DR
A memory corruption vulnerability in the Linux kernel's netfilter subsystem allows attackers to trigger a slab-out-of-bounds read via specially crafted LED target rules. This affects Linux systems using netfilter with LED target support, potentially leading to kernel crashes or information disclosure.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, or potential information disclosure through memory leaks.
Likely Case
Kernel crash causing system instability and denial of service.
If Mitigated
No impact if LED target rules are not used or if proper input validation is implemented.
🎯 Exploit Status
Requires CAP_NET_ADMIN or root privileges to create netfilter rules. Discovered via syzbot fuzzing.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patches available in stable kernel branches (commits: 04317f4eb2aad312ad85c1a17ad81fe75f1f9bc7, 147a42bb02de8735cb08476be6d0917987d022c2, 36a9d94dac28beef6b8abba46ba8874320d3e800, a9bcc0b70d9baf3ff005874489a0dc9d023b54c3, ab9916321c95f5280b72b4c5055e269f98627efe)
Vendor Advisory: https://git.kernel.org/stable/c/04317f4eb2aad312ad85c1a17ad81fe75f1f9bc7
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version. 2. Check distribution-specific security advisories. 3. Reboot system after kernel update.
🔧 Temporary Workarounds
Disable LED target module
linuxPrevent loading of the LED target module to mitigate vulnerability
echo 'install xt_LED /bin/false' >> /etc/modprobe.d/disable-led.conf
rmmod xt_LED
Restrict netfilter rule creation
linuxLimit users who can create netfilter rules via capabilities
setcap -r /usr/sbin/iptables
setcap -r /usr/sbin/ip6tables
🧯 If You Can't Patch
- Remove or audit all LED target rules in netfilter configuration
- Implement strict access controls to prevent unauthorized users from creating netfilter rules
🔍 How to Verify
Check if Vulnerable:
Check if LED target module is loaded: lsmod | grep xt_LEDCheck Version:
uname -rVerify Fix Applied:
Check kernel version against patched versions from kernel git repository📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs
- KASAN error messages related to strlen or led_tg_check
- Netfilter rule creation logs
Network Indicators:
- Unusual netfilter rule modifications
SIEM Query:
source="kernel" AND ("KASAN" OR "slab-out-of-bounds" OR "led_tg_check")🔗 References
- https://git.kernel.org/stable/c/04317f4eb2aad312ad85c1a17ad81fe75f1f9bc7
- https://git.kernel.org/stable/c/147a42bb02de8735cb08476be6d0917987d022c2
- https://git.kernel.org/stable/c/36a9d94dac28beef6b8abba46ba8874320d3e800
- https://git.kernel.org/stable/c/a9bcc0b70d9baf3ff005874489a0dc9d023b54c3
- https://git.kernel.org/stable/c/ab9916321c95f5280b72b4c5055e269f98627efe
- https://git.kernel.org/stable/c/ad28612ebae1fcc1104bd432e99e99d87f6bfe09
- https://git.kernel.org/stable/c/c40c96d98e536fc1daaa125c2332b988615e30a4
- https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
