CVE-2024-57802
📋 TL;DR
This CVE describes a kernel memory corruption vulnerability in the Linux kernel's NetRom protocol implementation where insufficient buffer length validation allows reading uninitialized memory. Attackers could potentially leak sensitive kernel memory or cause denial of service. Systems running vulnerable Linux kernel versions with NetRom or IEEE 802.15.4 networking enabled are affected.
💻 Affected Systems
- Linux Kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel memory information disclosure leading to privilege escalation or system crash
Likely Case
Kernel panic or system instability causing denial of service
If Mitigated
Minimal impact if NetRom/802.15.4 protocols are disabled or systems are isolated
🎯 Exploit Status
Exploitation requires sending specially crafted packets to systems with vulnerable protocols enabled. Found via fuzzing (Syzkaller).
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits: 3ba7f80d98d4965349cfcd258dd78418496c1625, 64e9f54a14f2887be8634fb85cd2f13bec18a184, 769e36c2119a51070faf58819c58274f57a088db, 78a110332ae268d0b005247c3b9a7d703b875c49, a4fd163aed2edd967a244499754dec991d8b4c7d
Vendor Advisory: https://git.kernel.org/stable/c/3ba7f80d98d4965349cfcd258dd78418496c1625
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution vendor. 2. Reboot system to load new kernel. 3. Verify kernel version after reboot.
🔧 Temporary Workarounds
Disable NetRom/AX.25 protocols
linuxDisable the vulnerable networking protocols if not required
modprobe -r netrom
modprobe -r ax25
echo 'blacklist netrom' >> /etc/modprobe.d/blacklist.conf
echo 'blacklist ax25' >> /etc/modprobe.d/blacklist.conf
Disable IEEE 802.15.4
linuxDisable IEEE 802.15.4 wireless protocol if not needed
modprobe -r mac802154
modprobe -r ieee802154
echo 'blacklist mac802154' >> /etc/modprobe.d/blacklist.conf
echo 'blacklist ieee802154' >> /etc/modprobe.d/blacklist.conf
🧯 If You Can't Patch
- Disable NetRom, AX.25, and IEEE 802.15.4 kernel modules
- Implement network segmentation to isolate systems using these protocols
🔍 How to Verify
Check if Vulnerable:
Check if NetRom/AX.25 modules are loaded: lsmod | grep -E 'netrom|ax25|ieee802154|mac802154'Check Version:
uname -rVerify Fix Applied:
Check kernel version contains fix commits or is newer than vulnerable versions. Verify modules are not loaded after applying workarounds.📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs
- OOM killer messages
- System instability/crash reports
Network Indicators:
- Unusual NetRom/AX.25/802.15.4 traffic patterns
- Malformed packet attempts
SIEM Query:
source="kernel" AND ("panic" OR "Oops" OR "BUG") AND ("netrom" OR "ax25" OR "802.15.4")🔗 References
- https://git.kernel.org/stable/c/3ba7f80d98d4965349cfcd258dd78418496c1625
- https://git.kernel.org/stable/c/64e9f54a14f2887be8634fb85cd2f13bec18a184
- https://git.kernel.org/stable/c/769e36c2119a51070faf58819c58274f57a088db
- https://git.kernel.org/stable/c/78a110332ae268d0b005247c3b9a7d703b875c49
- https://git.kernel.org/stable/c/a4fd163aed2edd967a244499754dec991d8b4c7d
- https://git.kernel.org/stable/c/cf6befa7c569787f53440274bbed1405fc07738d
- https://git.kernel.org/stable/c/f647d72245aadce30618f4c8fd3803904418dbec
- https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
