CVE-2024-57994
📋 TL;DR
A race condition vulnerability in the Linux kernel's ptr_ring_resize_multiple() function could cause kernel panics or system instability when network device queue resizing occurs during hardware interrupt handling. This affects Linux systems using the ptr_ring or skb_array subsystems, particularly those with network interfaces that support dynamic queue resizing.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially causing data loss or service disruption.
Likely Case
System instability, kernel warnings, or crashes during network configuration changes, particularly when modifying network interface queue lengths.
If Mitigated
Minor performance impact during network queue resizing operations with proper patching.
🎯 Exploit Status
Discovered by syzbot fuzzer; exploitation requires precise timing and specific system configuration.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 3257dac521d0ac6653108c755141dce634bb8ff2, 572777a258c048e0d0fb3a0c47430eadcefe80c0, a126061c80d5efb4baef4bcf346094139cd81df6, e74801b7628dc52b17471aec729bc675479ddc73
Vendor Advisory: https://git.kernel.org/stable/c/3257dac521d0ac6653108c755141dce634bb8ff2
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits.
2. For distributions: Use package manager to update kernel package.
3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Avoid dynamic queue resizing
Prevent network interface queue length changes that could trigger the vulnerable code path.
# Set network interface queue lengths to static values
# Example: ethtool -G eth0 rx 512 tx 512
# Disable automatic queue resizing features if available
🧯 If You Can't Patch
- Monitor system logs for kernel warnings related to ptr_ring_resize_multiple or page_pool
- Avoid network configuration changes that modify queue lengths on production systems
🔍 How to Verify
Check if Vulnerable:
Check the kernel version and whether it contains the vulnerable ptr_ring_resize_multiple() function. Run uname -r and compare the result against distribution security advisories.
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version includes the fix commits or check that ptr_ring_resize_multiple_bh() is present instead of ptr_ring_resize_multiple().
📡 Detection & Monitoring
Log Indicators:
- Kernel warnings mentioning ptr_ring_resize_multiple, __page_pool_put_page, or page_pool_put_unrefed_netmem
- System crash logs during network configuration changes
Network Indicators:
- Unusual network interface reconfiguration attempts
SIEM Query:
source="kernel" AND ("ptr_ring_resize_multiple" OR "page_pool_put_unrefed_netmem" OR "WARNING: CPU:")
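The query above also matches every unrelated "WARNING: CPU:" line. As an added example (not code from this page or from the kernel project), the script below groups a kernel log into WARNING splats and reports only those whose trace names one of the listed indicator functions. The sample log, its file paths and line numbers are constructed for illustration.

```python
import re

# Function names the page lists as log indicators for CVE-2024-57994.
INDICATORS = ("ptr_ring_resize_multiple", "__page_pool_put_page",
              "page_pool_put_unrefed_netmem")
# \b keeps the renamed, fixed helper ptr_ring_resize_multiple_bh from matching.
SYMBOL = re.compile(r"\b(" + "|".join(map(re.escape, INDICATORS)) + r")\b")
START = re.compile(r"WARNING: CPU: \d+ PID: \d+")
END = re.compile(r"---\[ end trace")

def warning_blocks(lines):
    """Group log lines into WARNING splats (header through end-trace marker)."""
    block = None
    for line in lines:
        if START.search(line):
            if block:               # previous splat was cut off; emit it anyway
                yield block
            block = [line]
        elif block is not None:
            block.append(line)
            if END.search(line):
                yield block
                block = None
    if block:
        yield block

def matching_splats(lines):
    """Return (header, sorted indicator names) for splats naming an indicator."""
    hits = []
    for block in warning_blocks(lines):
        found = sorted({m.group(1) for l in block for m in SYMBOL.finditer(l)})
        if found:
            hits.append((block[0].strip(), found))
    return hits

# Constructed sample log (not real output): one unrelated WARNING, one match.
SAMPLE = """\
[  101.000001] WARNING: CPU: 1 PID: 900 at drivers/example/demo.c:10 demo_poll+0x1/0x2
[  101.000002]  ptr_ring_resize_multiple_bh+0x10/0x20
[  101.000003] ---[ end trace 0000000000000000 ]---
[  202.000001] eth0: link up
[  203.000001] WARNING: CPU: 0 PID: 1234 at net/core/page_pool.c:1 __page_pool_put_page+0x1/0x2
[  203.000002]  page_pool_put_unrefed_netmem+0x10/0x20
[  203.000003]  ptr_ring_resize_multiple include/linux/ptr_ring.h:1 [inline]
[  203.000004] ---[ end trace 0000000000000000 ]---
""".splitlines()

if __name__ == "__main__":
    for header, names in matching_splats(SAMPLE):
        print(header, "->", ", ".join(names))
```

Feed it the lines of a saved kernel log (for example the output of dmesg) in place of SAMPLE.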