CVE-2024-57982

7.1 HIGH

📋 TL;DR

A race condition in the Linux kernel's XFRM (IPsec) subsystem: a security association (state) lookup can run in parallel with a resize of the state hash table, and the lookup can apply a hash mask that is too large for the bucket array it ends up reading, producing an out-of-bounds read. The seqlock around the lookup forces a retry afterwards, but by then the bad read has already happened. Any Linux system that actively uses XFRM/IPsec is affected; the realistic outcome is a kernel oops or crash (denial of service), with kernel memory disclosure possible.
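How the torn read arises, shown as an added userspace model rather than kernel code (nothing below is the kernel's own code or the upstream fix, and every identifier in it is invented): XFRM stores each state hash table as a bucket array plus a separate mask, the resizer publishes a new array and a new mask as two stores, and a lookup that reads the two fields as two independent loads can pair the mask of one generation with the array of the other, indexing past the end of the smaller array. The model assumes the table starts at 8 buckets and doubles, uses a toy hash, and forces the resize between the lookup's two loads instead of relying on real scheduling. Since an hlist array carries no length, the kernel cannot bounds-check the index the way the model does, which is why the second layout fixes the pairing instead: array and mask travel behind one pointer, so a reader gets them as one consistent snapshot. That bundled layout is a common RCU idiom and the model's fix, not a description of the commits listed under Official Fix.

```c
/* Userspace model of the lookup/resize race behind CVE-2024-57982. Added
 * example, not kernel code: all identifiers are invented, the hash is a toy,
 * and the "concurrency" is forced by running the resizer between the two
 * loads a lookup performs. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define OLD_BUCKETS 8u     /* assumed initial table size */
#define NEW_BUCKETS 4096u  /* the table only ever grows */
struct bucket { unsigned int entries; };  /* stand-in for struct hlist_head */

/* Toy hash; the only property that matters is "& hmask" picking the bucket. */
static unsigned int dst_hash(uint32_t daddr, unsigned int hmask)
{
    return (daddr * 2654435761u) & hmask;
}

/* Shape 1 (buggy): array pointer and mask are separate fields, like
 * net->xfrm.state_bydst and state_hmask. `allocated` is model bookkeeping;
 * `retired` keeps the old array alive as an RCU grace period would. */
struct split_table { struct bucket *bydst, *retired; unsigned int hmask, allocated; };

static void resize_split(struct split_table *t)
{
    t->retired = t->bydst;
    t->bydst = calloc(NEW_BUCKETS, sizeof(struct bucket));  /* store 1: new array */
    t->hmask = NEW_BUCKETS - 1;                             /* store 2: new mask  */
    t->allocated = NEW_BUCKETS;
}

/* Two independent loads; a resize between them pairs the old array with the
 * new mask. `interleave` is where the model injects the resizer. */
static unsigned int lookup_split(struct split_table *t, uint32_t daddr,
                                 void (*interleave)(struct split_table *), int *oob)
{
    struct bucket *array = t->bydst;        /* load A: (old) array */
    unsigned int array_len = t->allocated;
    if (interleave) interleave(t);
    unsigned int h = dst_hash(daddr, t->hmask);  /* load B: (new) mask */
    *oob = h >= array_len;  /* the kernel cannot check this: hlist arrays carry no length */
    if (!*oob) array[h].entries++;
    return h;
}

/* Shape 2 (the model's fix, a common RCU idiom, not the kernel's patch): array
 * and mask travel together behind one pointer, so one load yields a matching pair. */
struct bundled_table { struct bucket *bydst; unsigned int hmask, allocated; };
struct bundled_ref { struct bundled_table *cur, *retired; };

static struct bundled_table *make_bundled(unsigned int n)
{
    struct bundled_table *t = calloc(1, sizeof(*t));
    t->bydst = calloc(n, sizeof(struct bucket));
    t->hmask = n - 1; t->allocated = n;
    return t;
}

static void resize_bundled(struct bundled_ref *r)
{
    r->retired = r->cur;                 /* kept alive for in-flight readers */
    r->cur = make_bundled(NEW_BUCKETS);  /* the single publication point */
}

static unsigned int lookup_bundled(struct bundled_ref *r, uint32_t daddr,
                                   void (*interleave)(struct bundled_ref *), int *oob)
{
    struct bundled_table *t = r->cur;    /* one load: a consistent snapshot */
    if (interleave) interleave(r);
    unsigned int h = dst_hash(daddr, t->hmask);
    *oob = h >= t->allocated;
    if (!*oob) t->bydst[h].entries++;
    return h;
}

/* Drivers: force the resize mid-lookup; return the bucket index chosen and set
 * *oob if it lies outside the array the lookup was actually using. */
unsigned int run_split_race(int *oob)
{
    struct split_table t = { calloc(OLD_BUCKETS, sizeof(struct bucket)), NULL,
                             OLD_BUCKETS - 1, OLD_BUCKETS };
    unsigned int h = lookup_split(&t, 1, resize_split, oob);
    free(t.bydst); free(t.retired);
    return h;
}

unsigned int run_bundled_race(int *oob)
{
    struct bundled_ref r = { make_bundled(OLD_BUCKETS), NULL };
    unsigned int h = lookup_bundled(&r, 1, resize_bundled, oob);
    free(r.cur->bydst); free(r.cur);
    free(r.retired->bydst); free(r.retired);
    return h;
}

int main(void)
{
    int a, b; unsigned int ha = run_split_race(&a), hb = run_bundled_race(&b);
    printf("split: bucket %u (%s)  bundled: bucket %u (%s)  array has %u buckets\n",
           ha, a ? "OUT OF BOUNDS" : "ok", hb, b ? "OUT OF BOUNDS" : "ok", OLD_BUCKETS);
    return 0;
}
```

Build with cc -Wall and run: the split layout lands on bucket 2481 of an 8-bucket array, the bundled layout on bucket 1. The point of the second shape is that no retry-after-the-fact is needed, because the reader never holds a mismatched pair in the first place.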

💻 Affected Systems

Products:
  • Linux kernel
Versions: The CVE entry does not enumerate versions; the fix went into mainline and was backported to several stable kernel trees (commits under Official Fix), so treat any kernel predating those backports as affected and check your distribution's advisory for CVE-2024-57982.
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ✅ No
Notes: Distribution kernels generally build the XFRM core in (CONFIG_XFRM=y), but the race needs IPsec security associations to exist: lookups run on IPsec traffic and the state hash table is resized only as the number of SAs grows. Hosts that never configure IPsec (through an IKE daemon such as strongSwan or Libreswan, or with ip xfrm) do not exercise the path.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to denial of service, or potential kernel memory disclosure that could aid further exploitation.

🟠

Likely Case

Kernel oops or crash on a host where IPsec traffic drives state lookups while the state hash table is being resized. The table only grows, and only when the number of security associations outgrows it, so gateways terminating many tunnels are the most exposed.

🟢

If Mitigated

Minimal impact if XFRM/IPsec is not enabled or used minimally.

🌐 Internet-Facing: MEDIUM - Needs XFRM/IPsec in use plus a narrow timing window, but IPsec VPN gateways are exactly the systems that drive state lookups under load.
🏢 Internal Only: MEDIUM - Internal hosts using XFRM/IPsec for site-to-site or host-to-host encryption are equally exposed.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires race condition timing and XFRM/IPsec usage. No public exploits known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed upstream and in stable trees by commits a16871c7832e, b86dc510308d, dd4c2a174994 and e952837f3ddb; distribution kernels carry the fix as a backport under their own package version numbers.

Vendor Advisory: https://git.kernel.org/stable/c/a16871c7832ea6435abb6e0b58289ae7dcb7e4fc

Restart Required: Yes

Instructions:

1. Update the Linux kernel to the patched package from your distribution.
2. Reboot the system to load the new kernel.
3. After the reboot, verify that the fixed kernel is the one running.

🔧 Temporary Workarounds

Block the interfaces used to install IPsec states, if IPsec is not required

Linux

The XFRM core itself is not a loadable module (CONFIG_XFRM is a built-in option on typical distribution kernels), so a "blacklist xfrm" line changes nothing. What can be turned off are the modules through which security associations are installed: xfrm_user (netlink, used by IKE daemons and ip xfrm) and af_key (legacy PF_KEY sockets). Use an install rule rather than blacklist, which only stops alias-based autoloading and not an explicit modprobe. This only works where both are built as modules (=m in the output below); if either is =y there is no runtime switch and patching is the only option. ip xfrm and any IKE daemon on the host stop working once the rule is in place.

grep -E 'CONFIG_(XFRM_USER|NET_KEY)=' /boot/config-$(uname -r)
printf 'install xfrm_user /bin/false\ninstall af_key /bin/false\n' > /etc/modprobe.d/disable-xfrm.conf
reboot

🧯 If You Can't Patch

  • Block installation of IPsec states (see the workaround above) on hosts that do not need IPsec
  • Where IPsec is needed, there is no sysctl that pins the XFRM state hash table size; the table starts small and doubles only when the SA count outgrows it, so keeping the number of SAs stable rather than growing through new highs reduces how often the resize path runs. This narrows the window, it does not close it.

🔍 How to Verify

Check if Vulnerable:

Check whether the vulnerable path is actually exercised: ip xfrm state count (a non-zero count means IPsec security associations are installed and lookups happen on traffic) and ip xfrm policy count; then compare the running kernel with the fixed package in your distribution's advisory for CVE-2024-57982. lsmod | grep xfrm only lists optional modules such as xfrm_user; the XFRM core is built in and does not appear there.

Check Version:

uname -r

Verify Fix Applied:

uname -r reports the distribution's package version, not upstream commits, and distributions backport fixes without changing the upstream version string. Confirm from the package changelog instead, e.g. rpm -q --changelog kernel | grep -i CVE-2024-57982 on RPM-based systems or apt changelog linux-image-$(uname -r) | grep -i CVE-2024-57982 on Debian/Ubuntu, and make sure the kernel named by uname -r after the reboot is the fixed package.

📡 Detection & Monitoring

Log Indicators:

  • A kernel oops or panic (BUG: unable to handle ..., Oops:, general protection fault) whose RIP or Call Trace lines name an XFRM state function such as xfrm_state_find or xfrm_state_lookup
  • Repeated crashes on IPsec gateways that coincide with growth in the number of security associations (the state hash table is resized only when the SA count outgrows it)
  • dmesg or journalctl -k entries mentioning xfrm around tunnel setup or rekeying

Network Indicators:

  • IPsec/VPN tunnels dropping or failing to rekey when a gateway reboots unexpectedly
  • Unexpected network encryption failures

SIEM Query:

kernel: ("BUG: unable to handle" OR "Oops:" OR "general protection fault") AND "xfrm"

The parentheses matter: AND/OR precedence differs between query languages, and the unparenthesized form can match every kernel BUG line regardless of XFRM. The oops header and the xfrm_* frames also arrive as separate log lines, so correlate "xfrm_state" in the lines that follow the header on the same host within a few seconds rather than requiring both strings on one line.
