The Linux kernel has recently patched a vulnerability reported by syzkaller in the mac802154 subsystem, which could corrupt the list in ieee802154_if_remove. The vulnerability revolves around removing an IEEE 802.15.4 network interface after unregistering an IEEE 802.15.4 hardware device from the system. To resolve this issue, a check for local->interfaces is now required before deleting the sdata list.
ieee802154_if_remove and list_del_rcu are executed.
At this point, the net device has already been unregistered: because of the RCU (Read-Copy-Update) grace period, unregistration must have run before ieee802154_if_remove is called. This results in an Oops, as shown below in the original syzkaller crash report:
kernel BUG at lib/list_debug.c:58!
Oops: invalid opcode: 000 [#1] PREEMPT SMP KASAN PTI
To avoid this issue, a simple check for local->interfaces before deleting the sdata list has been added.
The following code snippet reflects the change that has been made to the Linux kernel:
// Before
list_del_rcu(&sdata->list);
// After
if (!list_empty(&local->interfaces))
    list_del_rcu(&sdata->list);
Conclusion
CVE-2024-57948 identifies a vulnerability in the mac802154 subsystem of the Linux kernel. Adding a simple check for local->interfaces before deleting the sdata list resolves the issue. This serves as a reminder for all Linux system administrators to keep their kernel versions up to date and apply security patches as needed.
Timeline
Published on: 01/31/2025 12:15:27 UTC
Last modified on: 02/02/2025 11:15:14 UTC