
CVE-2024-26881: Vulnerability in Linux Linux

High
Published: Wed Apr 17 2024 (04/17/2024, 10:27:37 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

net: hns3: fix kernel crash when 1588 is received on HIP08 devices

The HIP08 devices do not register the ptp devices, so hdev->ptp is NULL, but the hardware can receive 1588 messages and set the HNS3_RXD_TS_VLD_B bit, so in this case the access of hdev->ptp->flags will cause a kernel crash:

[ 5888.946472] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000018
[ 5888.946475] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000018
...
[ 5889.266118] pc : hclge_ptp_get_rx_hwts+0x40/0x170 [hclge]
[ 5889.272612] lr : hclge_ptp_get_rx_hwts+0x34/0x170 [hclge]
[ 5889.279101] sp : ffff800012c3bc50
[ 5889.283516] x29: ffff800012c3bc50 x28: ffff2040002be040
[ 5889.289927] x27: ffff800009116484 x26: 0000000080007500
[ 5889.296333] x25: 0000000000000000 x24: ffff204001c6f000
[ 5889.302738] x23: ffff204144f53c00 x22: 0000000000000000
[ 5889.309134] x21: 0000000000000000 x20: ffff204004220080
[ 5889.315520] x19: ffff204144f53c00 x18: 0000000000000000
[ 5889.321897] x17: 0000000000000000 x16: 0000000000000000
[ 5889.328263] x15: 0000004000140ec8 x14: 0000000000000000
[ 5889.334617] x13: 0000000000000000 x12: 00000000010011df
[ 5889.340965] x11: bbfeff4d22000000 x10: 0000000000000000
[ 5889.347303] x9 : ffff800009402124 x8 : 0200f78811dfbb4d
[ 5889.353637] x7 : 2200000000191b01 x6 : ffff208002a7d480
[ 5889.359959] x5 : 0000000000000000 x4 : 0000000000000000
[ 5889.366271] x3 : 0000000000000000 x2 : 0000000000000000
[ 5889.372567] x1 : 0000000000000000 x0 : ffff20400095c080
[ 5889.378857] Call trace:
[ 5889.382285] hclge_ptp_get_rx_hwts+0x40/0x170 [hclge]
[ 5889.388304] hns3_handle_bdinfo+0x324/0x410 [hns3]
[ 5889.394055] hns3_handle_rx_bd+0x60/0x150 [hns3]
[ 5889.399624] hns3_clean_rx_ring+0x84/0x170 [hns3]
[ 5889.405270] hns3_nic_common_poll+0xa8/0x220 [hns3]
[ 5889.411084] napi_poll+0xcc/0x264
[ 5889.415329] net_rx_action+0xd4/0x21c
[ 5889.419911] __do_softirq+0x130/0x358
[ 5889.424484] irq_exit+0x134/0x154
[ 5889.428700] __handle_domain_irq+0x88/0xf0
[ 5889.433684] gic_handle_irq+0x78/0x2c0
[ 5889.438319] el1_irq+0xb8/0x140
[ 5889.442354] arch_cpu_idle+0x18/0x40
[ 5889.446816] default_idle_call+0x5c/0x1c0
[ 5889.451714] cpuidle_idle_call+0x174/0x1b0
[ 5889.456692] do_idle+0xc8/0x160
[ 5889.460717] cpu_startup_entry+0x30/0xfc
[ 5889.465523] secondary_start_kernel+0x158/0x1ec
[ 5889.470936] Code: 97ffab78 f9411c14 91408294 f9457284 (f9400c80)
[ 5889.477950] SMP: stopping secondary CPUs
[ 5890.514626] SMP: failed to stop secondary CPUs 0-69,71-95
[ 5890.522951] Starting crashdump kernel...

AI-Powered Analysis

Last updated: 06/29/2025, 19:55:36 UTC

Technical Analysis

CVE-2024-26881 is a vulnerability identified in the Linux kernel specifically affecting the hns3 network driver used for HIP08 devices. The issue arises because HIP08 devices do not register Precision Time Protocol (PTP) devices, resulting in a NULL pointer for the hdev->ptp structure. Despite this, the hardware can still receive IEEE 1588 (PTP) messages and set the HNS3_RXD_TS_VLD_B bit. When the kernel code attempts to access the hdev->ptp->flags field without verifying that hdev->ptp is non-NULL, it leads to a NULL pointer dereference and consequently a kernel crash.

The crash manifests as a kernel panic with a NULL pointer dereference at a low virtual memory address (0x18), as shown in the provided kernel logs. The crash occurs in the function hclge_ptp_get_rx_hwts within the hclge kernel module, which is called during the processing of received network packets by the hns3 driver. This vulnerability can be triggered remotely by sending crafted 1588 PTP packets to affected devices, causing denial of service (DoS) through kernel crashes and system reboots.

The affected versions correspond to specific Linux kernel commits identified by the hash 0bf5eb788512187b744ef7f79de835e6cbe85b9c, indicating a narrow range of kernel versions impacted. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet. The root cause is a lack of proper NULL pointer checks in the network driver code when handling PTP timestamping on HIP08 devices. This vulnerability is particularly relevant for systems using the hns3 driver with HIP08 network interface cards, which are commonly found in data center and enterprise networking hardware. The issue can lead to system instability and availability loss if exploited.

Potential Impact

For European organizations, the primary impact of CVE-2024-26881 is the potential for denial of service on Linux systems utilizing HIP08 network devices with the hns3 driver. This can disrupt critical network infrastructure, especially in data centers, cloud environments, and enterprise networks relying on precise time synchronization via PTP. The kernel crash can cause unplanned system reboots, leading to downtime and potential loss of service continuity. Organizations with high availability requirements, such as financial institutions, telecommunications providers, and industrial control systems, may experience operational disruptions. Although this vulnerability does not directly expose confidentiality or integrity risks, the availability impact can indirectly affect business operations and service delivery. The lack of known exploits reduces immediate risk, but the ease of triggering the crash via network packets means attackers with network access could cause disruptions. European organizations using affected hardware or Linux distributions with the vulnerable kernel versions should prioritize patching to maintain system stability and avoid service interruptions.

Mitigation Recommendations

To mitigate CVE-2024-26881, European organizations should:

1) Identify Linux systems running kernels with the affected commit hashes and verify if they use the hns3 driver with HIP08 devices.
2) Apply the latest Linux kernel updates or patches that address this vulnerability as soon as they become available from trusted Linux distribution vendors or the upstream kernel project.
3) If immediate patching is not feasible, implement network-level controls to restrict or filter incoming IEEE 1588 PTP packets from untrusted sources to reduce the risk of remote exploitation.
4) Monitor system logs and kernel crash reports for signs of this specific NULL pointer dereference and kernel panic to detect potential exploitation attempts.
5) Engage with hardware vendors to confirm device firmware compatibility and updates that may complement kernel patches.
6) For critical systems, consider deploying redundant network paths and failover mechanisms to minimize downtime in case of crashes.
7) Educate system administrators about the vulnerability and ensure incident response plans include procedures for kernel crash recovery related to network driver issues.
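The log monitoring recommended in the mitigation list, sketched as a scan of kernel log text for this crash signature. This is an added example, not part of the original analysis or of any vendor tooling; the function name, the 5-second pairing window and the second (unrelated) oops in the sample are assumptions made for illustration.

```python
import re

FAULT_RE = re.compile(r"Unable to handle kernel NULL pointer dereference "
                      r"at virtual address ([0-9a-f]+)")
PC_RE = re.compile(r"\bpc : (\w+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(\w+)\])?")
TS_RE = re.compile(r"\[\s*(\d+\.\d+)\]")

# Faulting function and module named in the oops quoted on this page.
SIGNATURE = ("hclge_ptp_get_rx_hwts", "hclge")

def find_cve_2024_26881_oops(lines, window=5.0):
    """Return one dict per NULL-deref oops whose pc matches SIGNATURE.

    A fault line and its 'pc :' line are paired when they are at most
    `window` seconds apart (assumed value); repeated fault lines from the
    same oops collapse into one hit.
    """
    hits, fault = [], None
    for line in lines:
        ts_m = TS_RE.search(line)
        ts = float(ts_m.group(1)) if ts_m else None
        fault_m = FAULT_RE.search(line)
        if fault_m:
            fault = {"address": int(fault_m.group(1), 16), "ts": ts}
            continue
        pc_m = PC_RE.search(line)
        if pc_m and fault:
            in_window = (ts is None or fault["ts"] is None
                         or ts - fault["ts"] <= window)
            if in_window and (pc_m.group(1), pc_m.group(2)) == SIGNATURE:
                hits.append({**fault, "function": pc_m.group(1)})
            fault = None  # this oops is consumed whether or not it matched
    return hits

# Constructed sample: the first oops reuses lines quoted in the Description,
# the second is an invented unrelated oops that must not match.
SAMPLE_LOG = """\
[ 5888.946472] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000018
[ 5888.946475] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000018
[ 5889.266118] pc : hclge_ptp_get_rx_hwts+0x40/0x170 [hclge]
[ 5889.272612] lr : hclge_ptp_get_rx_hwts+0x34/0x170 [hclge]
[ 7001.000100] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000040
[ 7001.000300] pc : example_unrelated_fn+0x10/0x80 [example_mod]
""".splitlines()

if __name__ == "__main__":
    for hit in find_cve_2024_26881_oops(SAMPLE_LOG):
        print(f"possible CVE-2024-26881 crash at t={hit['ts']}s, "
              f"fault address {hit['address']:#x} in {hit['function']}")
```

A hit identifies a crash with this signature; it does not by itself say whether the triggering 1588 traffic was hostile or ordinary PTP traffic on the network.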


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-02-19T14:20:24.185Z
Cisa Enriched: true
Cvss Version: null
State: PUBLISHED

Threat ID: 682d982bc4522896dcbe3e40

Added to database: 5/21/2025, 9:08:59 AM

Last enriched: 6/29/2025, 7:55:36 PM

Last updated: 7/31/2025, 10:08:54 AM
