CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-57948

Medium Severity
SVRS
30/100
CVSSv3
NA/10
EPSS
0.00069/1

CVE-2024-57948 is a vulnerability in the Linux kernel's mac802154 subsystem, specifically affecting the handling of IEEE 802.15.4 network interfaces. This issue stems from a race condition when removing an IEEE 802.15.4 network interface, potentially leading to a corrupted list and kernel panic. The vulnerability involves a corrupted list in ieee802154_if_remove.

This linux kernel flaw can be triggered when an IEEE 802.15.4 hardware device is unregistered, leading to a race condition during the removal of the network interface. A fix has been implemented to check local interfaces before deleting the sdata list, preventing the kernel panic. With a SVRS of 30, while not immediately critical, this vulnerability should be addressed in a timely manner to prevent potential system instability. The original CVSS score is 0. Systems running affected Linux kernel versions should apply the provided patch to mitigate the risk of this race condition and potential denial-of-service scenarios.

TAGS
In The Wild
VECTOR STRING
PUBLICATION DATE2025-01-31
LAST MODIFIED2025-02-02
Eye Icon
SOCRadar
AI Insight

Description

CVE-2024-57948 is a vulnerability found in the Linux kernel's mac802154 driver, which manages IEEE 802.15.4 network interfaces. This vulnerability arises from a race condition during the removal of interfaces. If an IEEE 802.15.4 hardware device is unregistered from the system while a network interface is still in use, the kernel may attempt to delete the interface's data structure before it is fully removed, leading to a kernel crash.

The vulnerability's SVRS (SOCRadar Vulnerability Risk Score) is 30, indicating a moderate risk. This score, based on the SVRS's holistic analysis, reflects the potential impact of a crash but also considers factors like the exploitation difficulty and the widespread use of the affected components.

Key Insights

  • Kernel Crash: CVE-2024-57948 can cause the Linux kernel to crash due to a corrupted data structure. This could lead to system instability and downtime, disrupting critical services and applications.
  • Race Condition: The vulnerability stems from a race condition where the hardware device unregistration and interface removal happen concurrently without proper synchronization. This can lead to unexpected behavior and potential system failures.
  • Syzkaller Discovery: The vulnerability was discovered using the syzkaller fuzzer, which systematically tests the kernel for potential security flaws. This suggests that other vulnerabilities may exist in the Linux kernel and should be actively searched for.
  • Potential for Exploitation: While the CVSS score is 0, the SVRS score of 30 suggests that the vulnerability could be exploited by skilled attackers, especially those familiar with kernel internals.

Mitigation Strategies

  • Apply the Patch: The Linux kernel maintainers have released a patch to address this vulnerability. Applying this patch promptly is the most effective mitigation strategy.
  • Upgrade Kernel Version: If updating the kernel to the patched version is not immediately feasible, consider upgrading to a more recent version of the kernel that incorporates the fix.
  • Minimize Unnecessary Interface Removals: Carefully manage the removal of IEEE 802.15.4 network interfaces, particularly in environments where hardware devices are frequently added or removed.
  • Monitor for Exploits: Actively monitor for any signs of exploitation attempts related to CVE-2024-57948. This includes analyzing system logs, network traffic, and security alerts.

Additional Information

If users have any further questions regarding this vulnerability or incident, they can utilize the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for further assistance.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

USN-7421-1: Linux kernel (Azure) vulnerabilities
2025-04-07
USN-7421-1: Linux kernel (Azure) vulnerabilities | Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - SuperH RISC architecture; - User-Mode Linux (UML); - x86 architecture; - Block layer subsystem; - Cryptographic API; - ACPI drivers; - Drivers core; - RAM backed block device driver; - Virtio block driver; - Data acquisition framework and drivers; - Hardware crypto device drivers; - DMA engine subsystem; - EDAC drivers; - ARM SCPI message protocol; - GPIO subsystem; - GPU drivers; - HID subsystem; - Microsoft Hyper-V drivers; - I3C
ubuntu.com
rss
forum
news
USN-7413-1: Linux kernel (IoT) vulnerabilities
2025-04-03
USN-7413-1: Linux kernel (IoT) vulnerabilities | Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. (CVE-2022-38096) Ye Zhang and Nicolas Wu discovered that the io_uring subsystem in the Linux kernel did not properly handle locking for rings with IOPOLL, leading to a double-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-21400
ubuntu.com
rss
forum
news
USN-7407-1: Linux kernel (HWE) vulnerabilities
2025-04-02
USN-7407-1: Linux kernel (HWE) vulnerabilities | Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - SuperH RISC architecture; - User-Mode Linux (UML); - x86 architecture; - Block layer subsystem; - Cryptographic API; - ACPI drivers; - Drivers core; - RAM backed block device driver; - Virtio block driver; - Data acquisition framework and drivers; - Hardware crypto device drivers; - DMA engine subsystem; - EDAC drivers; - ARM SCPI message protocol; - GPIO subsystem; - GPU drivers; - HID subsystem; - Microsoft Hyper-V drivers; - I3C
ubuntu.com
rss
forum
news
USN-7392-3: Linux kernel (AWS) vulnerabilities
2025-04-01
USN-7392-3: Linux kernel (AWS) vulnerabilities | Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2024-23848) Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2025-0927) Several security issues were discovered in
ubuntu.com
rss
forum
news
USN-7392-4: Linux kernel (AWS FIPS) vulnerabilities
2025-04-01
USN-7392-4: Linux kernel (AWS FIPS) vulnerabilities | Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2024-23848) Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2025-0927) Several security issues were discovered
ubuntu.com
rss
forum
news
USN-7401-1: Linux kernel (AWS) vulnerabilities
2025-04-01
USN-7401-1: Linux kernel (AWS) vulnerabilities | Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2024-23848) Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2025-0927) Several security issues were discovered in
ubuntu.com
rss
forum
news
USN-7391-1: Linux kernel vulnerabilities
2025-03-28
USN-7391-1: Linux kernel vulnerabilities | Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2024-23848) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - PowerPC architecture; - S390 architecture; - SuperH RISC architecture; - User-Mode Linux (UML); - x86 architecture; - Cryptographic API; - Virtio block driver; - Data acquisition framework and drivers; - Hardware crypto device drivers
ubuntu.com
rss
forum
news

Social Media

CVE-2024-57948 In the Linux kernel, the following vulnerability has been resolved: mac802154: check local interfaces before deleting sdata list syzkaller reported a corrupted list… https://t.co/eXZhUPjhCQ
0
0
0
New post from https://t.co/uXvPWJy6tj (CVE-2024-57948 | Linux Kernel up to 5.15.176/6.1.126/6.6.73/6.12.10 Network Interface lib/list_debug.c ieee802154_if_remove use after free) has been published on https://t.co/ubqqw7ExjD
0
0
0

Affected Software

No affected software found for this CVE

References

ReferenceLink
416BAAA9-DC9F-4396-8D5F-8C081FB06D67https://git.kernel.org/stable/c/2e41e98c4e79edae338f2662dbdf74ac2245d183
416BAAA9-DC9F-4396-8D5F-8C081FB06D67https://git.kernel.org/stable/c/41e4ca8acba39f1cecff2dfdf14ace4ee52c4272
416BAAA9-DC9F-4396-8D5F-8C081FB06D67https://git.kernel.org/stable/c/80aee0bc0dbe253b6692d33e64455dc742fc52f1
416BAAA9-DC9F-4396-8D5F-8C081FB06D67https://git.kernel.org/stable/c/b856d2c1384bc5a7456262afd21aa439ee5cdf6e
416BAAA9-DC9F-4396-8D5F-8C081FB06D67https://git.kernel.org/stable/c/eb09fbeb48709fe66c0d708aed81e910a577a30a
416BAAA9-DC9F-4396-8D5F-8C081FB06D67https://git.kernel.org/stable/c/0d11dc30edfc4acef0acef130bb5ca596317190a
416BAAA9-DC9F-4396-8D5F-8C081FB06D67https://git.kernel.org/stable/c/2e41e98c4e79edae338f2662dbdf74ac2245d183
416BAAA9-DC9F-4396-8D5F-8C081FB06D67https://git.kernel.org/stable/c/41e4ca8acba39f1cecff2dfdf14ace4ee52c4272
416BAAA9-DC9F-4396-8D5F-8C081FB06D67https://git.kernel.org/stable/c/80aee0bc0dbe253b6692d33e64455dc742fc52f1
416BAAA9-DC9F-4396-8D5F-8C081FB06D67https://git.kernel.org/stable/c/98ea165a2ac240345c48b57c0a3d08bbcad02929
416BAAA9-DC9F-4396-8D5F-8C081FB06D67https://git.kernel.org/stable/c/b856d2c1384bc5a7456262afd21aa439ee5cdf6e
416BAAA9-DC9F-4396-8D5F-8C081FB06D67https://git.kernel.org/stable/c/eb09fbeb48709fe66c0d708aed81e910a577a30a

CWE Details

No CWE details found for this CVE

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence