CVE-2024-57795
📋 TL;DR
A use-after-free vulnerability in the Linux kernel's RDMA over Converged Ethernet (RXE) driver allows attackers to potentially crash the kernel or execute arbitrary code. This affects systems using RDMA with the RXE driver, particularly in cloud and high-performance computing environments. The vulnerability occurs when a network device is freed while RDMA operations are still referencing it.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash, or potential arbitrary code execution with kernel privileges resulting in complete system compromise.
Likely Case
System instability, kernel crashes, or denial of service affecting RDMA functionality.
If Mitigated
Limited to RDMA service disruption if proper isolation and privilege separation are implemented.
🎯 Exploit Status
Exploitation requires triggering specific race conditions during network device teardown while RDMA operations are active.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel commits: 2ac5415022d16d63d912a39a06f32f1f51140261, 32ca3557d968e662957131374a5f81c9c9cdbba8, 9f6f54e6a6863131442b40e14d1792b090c7ce21
Vendor Advisory: https://git.kernel.org/stable/c/2ac5415022d16d63d912a39a06f32f1f51140261
Restart Required: Yes
Instructions:
1. Update to a kernel version containing the fix commits. 2. Check your distribution's security advisories for backported patches. 3. Reboot the system after kernel update.
🔧 Temporary Workarounds
Disable RDMA/RXE
allDisable RDMA functionality if not required
modprobe -r rdma_rxe
echo 'blacklist rdma_rxe' > /etc/modprobe.d/disable-rdma.conf
Disable network device hotplug
allPrevent network device removal while RDMA is active
🧯 If You Can't Patch
- Isolate RDMA networks from untrusted systems
- Implement strict access controls to RDMA interfaces
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if RDMA/RXE modules are loaded: 'lsmod | grep rxe' and 'uname -r'Check Version:
uname -rVerify Fix Applied:
Verify kernel version includes fix commits or check with distribution's security update verification tools📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- KASAN use-after-free reports in dmesg
- RDMA error messages
Network Indicators:
- Unexpected RDMA connection drops
- Network interface errors
SIEM Query:
search 'KASAN: slab-use-after-free' OR 'BUG:' in kernel logs