CVE-2024-27060: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Fix NULL pointer dereference in tb_port_update_credits() Olliver reported that his system crashes when plugging in Thunderbolt 1 device: BUG: kernel NULL pointer dereference, address: 0000000000000020 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP NOPTI RIP: 0010:tb_port_do_update_credits+0x1b/0x130 [thunderbolt] Call Trace: <TASK> ? __die+0x23/0x70 ? page_fault_oops+0x171/0x4e0 ? exc_page_fault+0x7f/0x180 ? asm_exc_page_fault+0x26/0x30 ? tb_port_do_update_credits+0x1b/0x130 ? tb_switch_update_link_attributes+0x83/0xd0 tb_switch_add+0x7a2/0xfe0 tb_scan_port+0x236/0x6f0 tb_handle_hotplug+0x6db/0x900 process_one_work+0x171/0x340 worker_thread+0x27b/0x3a0 ? __pfx_worker_thread+0x10/0x10 kthread+0xe5/0x120 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x31/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 </TASK> This is due the fact that some Thunderbolt 1 devices only have one lane adapter. Fix this by checking for the lane 1 before we read its credits.
AI Analysis
Technical Summary
CVE-2024-27060 is a vulnerability found in the Linux kernel's Thunderbolt driver subsystem. Specifically, it involves a NULL pointer dereference occurring in the function tb_port_update_credits(), which is part of the Thunderbolt port management code. The issue arises when a Thunderbolt 1 device with a single lane adapter is plugged into the system. The kernel code incorrectly assumes the presence of multiple lanes and attempts to read credit information from lane 1 without verifying its existence. This leads to a NULL pointer dereference and consequently a kernel crash (BUG), resulting in a denial of service (DoS) condition. The kernel oops trace indicates that the fault occurs during hotplug handling of Thunderbolt devices, specifically when updating link attributes and scanning ports. The root cause is a missing check for the presence of lane 1 before accessing its credits. The vulnerability was reported by a user experiencing system crashes upon connecting Thunderbolt 1 devices. The fix involves adding a lane presence check before reading credits to prevent dereferencing a NULL pointer. This vulnerability affects Linux kernel versions identified by the given commit hashes prior to the patch. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet.
Potential Impact
For European organizations, this vulnerability primarily poses a risk of system instability and denial of service on Linux systems that utilize Thunderbolt interfaces, particularly those connecting Thunderbolt 1 devices. Organizations relying on Linux servers, workstations, or embedded systems with Thunderbolt ports could experience unexpected kernel crashes when such devices are connected, potentially disrupting critical operations. This could affect sectors with high usage of Linux and Thunderbolt hardware, such as research institutions, media production companies, and technology firms. While the vulnerability does not appear to allow privilege escalation or remote code execution, the resulting kernel panic could lead to downtime, loss of productivity, and potential data loss if systems are not properly protected or if critical processes are interrupted. The impact is more pronounced in environments where Thunderbolt devices are frequently hot-plugged or where automated hardware management is in place. Given the lack of known exploits, the immediate threat level is moderate, but unpatched systems remain vulnerable to accidental or intentional triggering of this denial of service.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should: 1) Apply the official Linux kernel patches that address CVE-2024-27060 as soon as they become available in their distribution's kernel updates. 2) If immediate patching is not possible, implement temporary operational controls such as restricting or monitoring the use of Thunderbolt 1 devices on critical Linux systems to prevent triggering the bug. 3) Disable Thunderbolt ports via BIOS/UEFI settings or kernel parameters if Thunderbolt functionality is not required, thereby eliminating the attack surface. 4) Employ kernel crash monitoring and automated recovery mechanisms to minimize downtime in case of a triggered crash. 5) Maintain an inventory of hardware using Thunderbolt interfaces to identify systems at risk and prioritize patch deployment accordingly. 6) Educate system administrators about the symptoms of this vulnerability and the importance of cautious device management. These steps go beyond generic advice by focusing on hardware-specific controls and operational practices tailored to the nature of this vulnerability.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Denmark, Ireland
CVE-2024-27060: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Fix NULL pointer dereference in tb_port_update_credits() Olliver reported that his system crashes when plugging in Thunderbolt 1 device: BUG: kernel NULL pointer dereference, address: 0000000000000020 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP NOPTI RIP: 0010:tb_port_do_update_credits+0x1b/0x130 [thunderbolt] Call Trace: <TASK> ? __die+0x23/0x70 ? page_fault_oops+0x171/0x4e0 ? exc_page_fault+0x7f/0x180 ? asm_exc_page_fault+0x26/0x30 ? tb_port_do_update_credits+0x1b/0x130 ? tb_switch_update_link_attributes+0x83/0xd0 tb_switch_add+0x7a2/0xfe0 tb_scan_port+0x236/0x6f0 tb_handle_hotplug+0x6db/0x900 process_one_work+0x171/0x340 worker_thread+0x27b/0x3a0 ? __pfx_worker_thread+0x10/0x10 kthread+0xe5/0x120 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x31/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 </TASK> This is due the fact that some Thunderbolt 1 devices only have one lane adapter. Fix this by checking for the lane 1 before we read its credits.
AI-Powered Analysis
Technical Analysis
CVE-2024-27060 is a vulnerability found in the Linux kernel's Thunderbolt driver subsystem. Specifically, it involves a NULL pointer dereference occurring in the function tb_port_update_credits(), which is part of the Thunderbolt port management code. The issue arises when a Thunderbolt 1 device with a single lane adapter is plugged into the system. The kernel code incorrectly assumes the presence of multiple lanes and attempts to read credit information from lane 1 without verifying its existence. This leads to a NULL pointer dereference and consequently a kernel crash (BUG), resulting in a denial of service (DoS) condition. The kernel oops trace indicates that the fault occurs during hotplug handling of Thunderbolt devices, specifically when updating link attributes and scanning ports. The root cause is a missing check for the presence of lane 1 before accessing its credits. The vulnerability was reported by a user experiencing system crashes upon connecting Thunderbolt 1 devices. The fix involves adding a lane presence check before reading credits to prevent dereferencing a NULL pointer. This vulnerability affects Linux kernel versions identified by the given commit hashes prior to the patch. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet.
Potential Impact
For European organizations, this vulnerability primarily poses a risk of system instability and denial of service on Linux systems that utilize Thunderbolt interfaces, particularly those connecting Thunderbolt 1 devices. Organizations relying on Linux servers, workstations, or embedded systems with Thunderbolt ports could experience unexpected kernel crashes when such devices are connected, potentially disrupting critical operations. This could affect sectors with high usage of Linux and Thunderbolt hardware, such as research institutions, media production companies, and technology firms. While the vulnerability does not appear to allow privilege escalation or remote code execution, the resulting kernel panic could lead to downtime, loss of productivity, and potential data loss if systems are not properly protected or if critical processes are interrupted. The impact is more pronounced in environments where Thunderbolt devices are frequently hot-plugged or where automated hardware management is in place. Given the lack of known exploits, the immediate threat level is moderate, but unpatched systems remain vulnerable to accidental or intentional triggering of this denial of service.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should: 1) Apply the official Linux kernel patches that address CVE-2024-27060 as soon as they become available in their distribution's kernel updates. 2) If immediate patching is not possible, implement temporary operational controls such as restricting or monitoring the use of Thunderbolt 1 devices on critical Linux systems to prevent triggering the bug. 3) Disable Thunderbolt ports via BIOS/UEFI settings or kernel parameters if Thunderbolt functionality is not required, thereby eliminating the attack surface. 4) Employ kernel crash monitoring and automated recovery mechanisms to minimize downtime in case of a triggered crash. 5) Maintain an inventory of hardware using Thunderbolt interfaces to identify systems at risk and prioritize patch deployment accordingly. 6) Educate system administrators about the symptoms of this vulnerability and the importance of cautious device management. These steps go beyond generic advice by focusing on hardware-specific controls and operational practices tailored to the nature of this vulnerability.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2024-02-19T14:20:24.215Z
- Cisa Enriched
- true
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d982ac4522896dcbe324d
Added to database: 5/21/2025, 9:08:58 AM
Last enriched: 6/29/2025, 2:57:03 PM
Last updated: 8/14/2025, 2:36:39 PM
Views: 11
Related Threats
CVE-2025-41242: Vulnerability in VMware Spring Framework
MediumCVE-2025-47206: CWE-787 in QNAP Systems Inc. File Station 5
HighCVE-2025-5296: CWE-59 Improper Link Resolution Before File Access ('Link Following') in Schneider Electric SESU
HighCVE-2025-6625: CWE-20 Improper Input Validation in Schneider Electric Modicon M340
HighCVE-2025-57703: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Delta Electronics DIAEnergie
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.