CVE-2024-56767
📋 TL;DR
A null pointer dereference vulnerability exists in the Linux kernel's AT_XDMAC DMA engine driver. When the at_xdmac_prep_dma_memset function receives invalid input or memory is exhausted, it can cause a kernel panic or system crash. This affects systems using the AT_XDMAC driver, primarily embedded Linux devices with Atmel/Microchip processors.
💻 Affected Systems
- Linux kernel with AT_XDMAC driver enabled
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash, denial of service, and potential data loss or corruption.
Likely Case
System crash or kernel panic resulting in denial of service requiring reboot.
If Mitigated
Minimal impact if proper input validation and memory management are in place.
🎯 Exploit Status
Requires ability to trigger DMA memset operations with specific parameters. Likely requires local access or compromised process.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits: 3d229600c54e9e0909080ecaf1aab0642aefa5f0, 54376d8d26596f98ed7432a788314bb9154bf3e3, 8d364597de9ce2a5f52714224bfe6c2e7a29b303, c43ec96e8d34399bd9dab2f2dc316b904892133f, e658f1c133b854b2ae799147301d82dddb8f3162
Vendor Advisory: https://git.kernel.org/stable/c/3d229600c54e9e0909080ecaf1aab0642aefa5f0
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution. 2. Rebuild kernel if using custom build. 3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable AT_XDMAC driver
linuxRemove or disable the vulnerable driver module if not required
modprobe -r at_xdmac
echo 'blacklist at_xdmac' >> /etc/modprobe.d/blacklist.conf
🧯 If You Can't Patch
- Restrict user access to DMA operations and system privileges
- Implement monitoring for kernel panics and system crashes
🔍 How to Verify
Check if Vulnerable:
Check if AT_XDMAC driver is loaded: lsmod | grep at_xdmac. Check kernel version against patched versions.Check Version:
uname -rVerify Fix Applied:
Verify kernel version includes fix commits. Check dmesg for no null pointer dereference errors related to at_xdmac.📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- NULL pointer dereference in dmesg
- System crash logs
Network Indicators:
- Unusual DMA operation patterns if monitored
SIEM Query:
source="kernel" AND ("NULL pointer dereference" OR "kernel panic") AND "at_xdmac"🔗 References
- https://git.kernel.org/stable/c/3d229600c54e9e0909080ecaf1aab0642aefa5f0
- https://git.kernel.org/stable/c/54376d8d26596f98ed7432a788314bb9154bf3e3
- https://git.kernel.org/stable/c/8d364597de9ce2a5f52714224bfe6c2e7a29b303
- https://git.kernel.org/stable/c/c43ec96e8d34399bd9dab2f2dc316b904892133f
- https://git.kernel.org/stable/c/e658f1c133b854b2ae799147301d82dddb8f3162
- https://git.kernel.org/stable/c/ed1a8aaa344522c0c349ac9042db27ad130ef913
- https://git.kernel.org/stable/c/fdba6d5e455388377ec7e82a5913ddfcc7edd93b
- https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
