CVE-2024-57948
📋 TL;DR
A race condition vulnerability in the Linux kernel's IEEE 802.15.4 (WPAN) subsystem allows a local attacker to cause a kernel panic (denial of service) by removing a network interface while hardware is being unregistered. This affects systems using IEEE 802.15.4 wireless interfaces, primarily IoT and embedded Linux devices.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, requiring physical or remote reboot.
Likely Case
System instability or crash when IEEE 802.15.4 interfaces are being removed or hardware is unregistered.
If Mitigated
No impact if proper access controls prevent unprivileged users from manipulating network interfaces.
🎯 Exploit Status
Discovered via syzkaller fuzzing. Exploitation requires local access and ability to manipulate network interfaces.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in stable kernel commits: 0d11dc30edfc4acef0acef130bb5ca596317190a, 2e41e98c4e79edae338f2662dbdf74ac2245d183, 41e4ca8acba39f1cecff2dfdf14ace4ee52c4272, 80aee0bc0dbe253b6692d33e64455dc742fc52f1, 98ea165a2ac240345c48b57c0a3d08bbcad02929
Vendor Advisory: https://git.kernel.org/stable/c/0d11dc30edfc4acef0acef130bb5ca596317190a
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits.
2. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable IEEE 802.15.4 subsystem
Remove or disable IEEE 802.15.4 hardware/drivers if not needed.
modprobe -r mac802154
modprobe -r ieee802154
Restrict interface manipulation
Use Linux capabilities or SELinux/AppArmor to prevent unprivileged users from adding/removing network interfaces.
🧯 If You Can't Patch
- Ensure only trusted users have CAP_NET_ADMIN capability to manipulate network interfaces.
- Monitor system logs for kernel panic messages related to list corruption in ieee802154_if_remove.
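One way to audit the CAP_NET_ADMIN point above, as an added example that is not part of the original advisory: the function reads each process's status file and lists non-root processes whose effective capability set includes CAP_NET_ADMIN (capability number 12). The function names and output format are assumptions of this example.

```shell
#!/bin/sh
# Added example: find non-root processes that hold CAP_NET_ADMIN.
# CAP_NET_ADMIN is capability number 12 in linux/capability.h.
CAP_NET_ADMIN_BIT=12

# has_net_admin HEXMASK: succeeds if bit 12 is set in a CapEff-style mask.
has_net_admin() {
    [ $(( (0x$1 >> $CAP_NET_ADMIN_BIT) & 1 )) -eq 1 ]
}

# audit_net_admin [PROCROOT]: print "pid uid name capeff" for every process
# with a non-zero real UID whose effective set contains CAP_NET_ADMIN.
# PROCROOT defaults to /proc; a different root allows offline testing.
audit_net_admin() {
    root=${1:-/proc}
    for st in "$root"/[0-9]*/status; do
        [ -r "$st" ] || continue
        name= uid= cap=
        while read -r key v1 rest; do
            case $key in
                Name:)   name=$v1 ;;
                Uid:)    uid=$v1 ;;   # first field is the real UID
                CapEff:) cap=$v1 ;;
            esac
        done 2>/dev/null < "$st" || continue   # process exited mid-scan
        [ -n "$cap" ] && [ "$uid" != 0 ] && has_net_admin "$cap" || continue
        pid=${st%/status}; pid=${pid##*/}
        printf '%s %s %s %s\n' "$pid" "$uid" "$name" "$cap"
    done
}

# Usage on a live system: audit_net_admin
```

CapEff is relative to the process's user namespace, so entries belonging to processes inside an unprivileged user namespace need separate review.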
🔍 How to Verify
Check if Vulnerable:
Check if IEEE 802.15.4 modules are loaded: lsmod | grep -E 'mac802154|ieee802154'. If loaded and kernel version predates fix commits, system may be vulnerable.
Check Version:
uname -r
Verify Fix Applied:
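Verify the kernel source includes one of the fix commits. 'check local interfaces before deleting sdata list' is the subject line of the fix commit, so it appears in the git history or the distribution kernel changelog rather than in the source file itself. In a kernel git tree: git log --oneline --grep='check local interfaces before deleting sdata list' -- net/mac802154/iface.c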
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages containing 'list_del_entry_valid_or_report'
- BUG at lib/list_debug.c
- ieee802154_if_remove in stack traces
Network Indicators:
- Unusual IEEE 802.15.4 interface removal activity
SIEM Query:
source="kernel" AND ("list_del_entry_valid_or_report" OR "ieee802154_if_remove" OR "kernel BUG at lib/list_debug.c")
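The SIEM query above matches any one indicator on its own. As an added example that is not part of the original advisory, the function below reports only when a list-corruption marker and ieee802154_if_remove appear in the same oops, which avoids alerting on unrelated list_debug hits. The sample log is constructed, and its timestamps, line number and offsets are invented.

```shell
#!/bin/sh
# Added example: correlate the log indicators within a single kernel oops.
# Constructed sample: the first oops involves ieee802154_if_remove, the second does not.
sample_log() {
    cat <<'EOF'
[  101.000001] ------------[ cut here ]------------
[  101.000002] kernel BUG at lib/list_debug.c:58!
[  101.000003] RIP: 0010:__list_del_entry_valid_or_report+0xf4/0x140
[  101.000004] Call Trace:
[  101.000005]  ieee802154_if_remove+0x86/0x1e0
[  101.000006] ---[ end trace 0000000000000000 ]---
[  202.000001] ------------[ cut here ]------------
[  202.000002] kernel BUG at lib/list_debug.c:58!
[  202.000003] RIP: 0010:__list_del_entry_valid_or_report+0xf4/0x140
[  202.000004] Call Trace:
[  202.000005]  some_other_driver_remove+0x10/0x20
[  202.000006] ---[ end trace 0000000000000000 ]---
EOF
}

# Reads kernel log text on stdin. An oops runs from "cut here" or
# "kernel BUG at" to "end trace" (or end of input, if the box went down).
# Prints "MATCH: <BUG line>" per matching oops; exit 0 if any, else 1.
scan_wpan_oops() {
    awk '
        function flush() {
            if (in_oops && corrupt && wpan) { hits++; print "MATCH: " bug }
            in_oops = 0; corrupt = 0; wpan = 0; bug = ""
        }
        /cut here/ { flush(); in_oops = 1 }
        /kernel BUG at/ { in_oops = 1; if (bug == "") bug = $0 }
        in_oops && /list_del_entry_valid_or_report|lib\/list_debug\.c/ { corrupt = 1 }
        in_oops && /ieee802154_if_remove/ { wpan = 1 }
        /end trace/ { flush() }
        END { flush(); exit (hits > 0 ? 0 : 1) }
    '
}

# Live use: journalctl -k | scan_wpan_oops
sample_log | scan_wpan_oops
```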
🔗 References
- https://git.kernel.org/stable/c/0d11dc30edfc4acef0acef130bb5ca596317190a
- https://git.kernel.org/stable/c/2e41e98c4e79edae338f2662dbdf74ac2245d183
- https://git.kernel.org/stable/c/41e4ca8acba39f1cecff2dfdf14ace4ee52c4272
- https://git.kernel.org/stable/c/80aee0bc0dbe253b6692d33e64455dc742fc52f1
- https://git.kernel.org/stable/c/98ea165a2ac240345c48b57c0a3d08bbcad02929
- https://git.kernel.org/stable/c/b856d2c1384bc5a7456262afd21aa439ee5cdf6e
- https://git.kernel.org/stable/c/eb09fbeb48709fe66c0d708aed81e910a577a30a
- https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html