CVE-2024-36902: Patch Released for Linux Kernel Vulnerability Involving IPv6 FIB6 Rules

Recently, a security vulnerability was found in the Linux kernel regarding the IPv6 FIB6 rules that could lead to a NULL dereference. This vulnerability has been identified as CVE-2024-36902 and a patch has been released to fix this issue. In this post, we will provide a detailed analysis of the vulnerability, how it can be exploited, and solutions to mitigate the risk.

Vulnerability Explained

The vulnerability resides in the fib6_rule_action() function in the net/ipv6/fib6_rules.c file. This function can cause a crash due to the unsafe use of ip6_dst_idev(). It was discovered that it can return NULL and should be checked before usage. The crash can be triggered by Syzbot, a tool developed by Google to find kernel vulnerabilities.

The exploit occurs when the ip6_dst_idev() function in the kernel encounters a NULL pointer dereference, causing the kernel to panic and crash. This could potentially be exploited by an attacker to cause a Denial of Service (DoS) on the target system.

1. Initial report of crash by syzbot
2. Linux kernel source code

Patch & Mitigation

A patch has been released which resolves the vulnerability by checking the return value of the ip6_dst_idev() function before usage. You can find the patch here. To mitigate the risk of exploitation, users are advised to update their Linux kernel to the latest version containing the patch.

Notes & Recommendations

- The risk associated with this vulnerability is relatively minimal due to its low impact on system availability or data integrity.
- Attackers would require a specific set of conditions and local access to the target system in order to exploit this vulnerability.
- Installing the released patch and keeping your kernel updated will ensure that your system is protected against this specific vulnerability.

Conclusion

CVE-2024-36902 represents an important vulnerability in the Linux kernel that, although not a high-risk threat, should be patched in order to prevent potential exploitation. It is always crucial to stay informed of vulnerabilities and updates for the software you utilize and to apply patches in a timely manner. This ensures the continued security and stability of your systems and networks.

Timeline

Published on: 05/30/2024 16:15:13 UTC
Last modified on: 08/02/2024 03:43:49 UTC