CVE-2024-56748
📋 TL;DR
This CVE describes a memory leak vulnerability in the Linux kernel's QLogic FastLinQ 4xxxx Ethernet Driver (qedf). When the qed_sb_init function fails during system buffer allocation, it doesn't properly release DMA memory, potentially leading to resource exhaustion. This affects systems using QLogic FastLinQ 4xxxx Ethernet adapters with the vulnerable driver.
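The error-path pattern behind this bug, as an added user-space illustration rather than code from the page, the kernel, or the qedf driver: a DMA status-block buffer is allocated, the init step modelled on qed_sb_init fails, and the buggy version returns without freeing the buffer while the fixed version frees it on the error path. The function names, the 64-byte size and the allocator stand-ins are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Outstanding DMA buffers; lets a caller measure the leak. */
static int live_dma_buffers;

/* Stand-ins for dma_alloc_coherent()/dma_free_coherent() (assumption). */
static void *dma_alloc(size_t len, uint64_t *phys) {
    void *v = calloc(1, len);
    if (v) { live_dma_buffers++; *phys = (uint64_t)(uintptr_t)v; }
    return v;
}
static void dma_free(void *v) { if (v) { free(v); live_dma_buffers--; } }

/* Stand-in for the qed_sb_init hook; fails when the caller forces it. */
static int sb_init(void *sb_virt, uint64_t sb_phys, int force_fail) {
    (void)sb_virt; (void)sb_phys;
    return force_fail ? -1 : 0;
}

/* Vulnerable shape: if sb_init() fails, sb_virt is never released. */
void *alloc_and_init_sb_leaky(int force_fail) {
    uint64_t phys;
    void *sb_virt = dma_alloc(64, &phys);   /* 64 bytes: arbitrary demo size */
    if (!sb_virt) return NULL;
    if (sb_init(sb_virt, phys, force_fail))
        return NULL;                        /* BUG: DMA buffer leaks here */
    return sb_virt;                         /* caller keeps it on success */
}

/* Fixed shape: free the buffer on the init error path, as the fix does. */
void *alloc_and_init_sb_fixed(int force_fail) {
    uint64_t phys;
    void *sb_virt = dma_alloc(64, &phys);
    if (!sb_virt) return NULL;
    if (sb_init(sb_virt, phys, force_fail)) {
        dma_free(sb_virt);                  /* release before returning error */
        return NULL;
    }
    return sb_virt;
}

/* Drive `failures` forced init failures through fn; return buffers leaked. */
int leaked_after(void *(*fn)(int), int failures) {
    live_dma_buffers = 0;
    for (int i = 0; i < failures; i++) fn(1);
    return live_dma_buffers;
}
```

Each forced failure through the leaky variant leaves one buffer outstanding, which is the slow resource exhaustion the advisory describes; the fixed variant leaves none.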
💻 Affected Systems
- Linux kernel with QLogic FastLinQ 4xxxx Ethernet Driver (qedf)
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →
⚠️ Risk & Real-World Impact
Worst Case
An attacker could repeatedly trigger the failure condition to exhaust system memory, leading to denial of service, system instability, or kernel panic.
Likely Case
System instability or performance degradation due to memory exhaustion over time, potentially requiring system reboot.
If Mitigated
Minimal impact with proper memory monitoring and system hardening in place.
🎯 Exploit Status
Exploitation requires triggering specific driver failure conditions, typically requiring local access or ability to influence driver operations.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel versions containing commit 0e04bd5a11dffe8c1c0e4c9fc79f7d3cd6182dd5 or later
Vendor Advisory: https://git.kernel.org/stable/c/0e04bd5a11dffe8c1c0e4c9fc79f7d3cd6182dd5
Restart Required: Yes
Instructions:
1. Update to a patched Linux kernel version.
2. Rebuild the kernel if using a custom kernel.
3. Reboot the system to load the new kernel.
🔧 Temporary Workarounds
Unload qedf driver
Temporarily disable the vulnerable driver if the QLogic adapter is not required:
sudo modprobe -r qedf
Blacklist qedf driver
Prevent the qedf driver from loading at boot:
echo 'blacklist qedf' | sudo tee /etc/modprobe.d/blacklist-qedf.conf
sudo update-initramfs -u
(update-initramfs is the Debian/Ubuntu tool; on dracut-based distributions regenerate the initramfs with dracut -f instead.)
🧯 If You Can't Patch
- Implement strict memory usage monitoring and alerts for systems using qedf driver
- Restrict local user access to systems with vulnerable driver loaded
🔍 How to Verify
Check if Vulnerable:
Check whether the qedf driver is loaded: lsmod | grep qedf. If it is loaded, compare the running kernel version against the patched versions.
Check Version:
uname -r
Verify Fix Applied:
Confirm that the running kernel (uname -r) is a version whose git history includes one of the fix commits listed in the references. Confirm that the qedf driver loads without errors.
📡 Detection & Monitoring
Log Indicators:
- Kernel oops messages related to qedf driver
- Memory allocation failures in kernel logs
- System instability or crash reports
Network Indicators:
- Degraded network performance on QLogic interfaces
- Interface failures on systems with qedf driver
SIEM Query:
source="kernel" AND ("qedf" OR "DMA allocation failed" OR "out of memory")
🔗 References
- https://git.kernel.org/stable/c/0e04bd5a11dffe8c1c0e4c9fc79f7d3cd6182dd5
- https://git.kernel.org/stable/c/64654bf5efb3f748e6fc41227adda689618ce9c4
- https://git.kernel.org/stable/c/78a169dc69fbdaf114c40e2d56955bf6bd4fc3c0
- https://git.kernel.org/stable/c/7c1832287b21ff68c4e3625e63cc7619edf5908b
- https://git.kernel.org/stable/c/97384449ddfc07f12ca75f510eb070020d7abb34
- https://git.kernel.org/stable/c/a56777a3ef5b35e24a20c4418bcf88bad033807a
- https://git.kernel.org/stable/c/b514f45e0fe18d763a1afc34401b1585333cb329
- https://git.kernel.org/stable/c/c62c30429db3eb4ced35c7fcf6f04a61ce3a01bb
- https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html