
CVE-2024-40961: Vulnerability in Linux Linux

High
Published: Fri Jul 12 2024 (07/12/2024, 12:32:02 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

ipv6: prevent possible NULL deref in fib6_nh_init()

syzbot reminds us that in6_dev_get() can return NULL.

fib6_nh_init()
    ip6_validate_gw( &idev )
        ip6_route_check_nh( idev )
            *idev = in6_dev_get(dev); // can be NULL

Oops: general protection fault, probably for non-canonical address 0xdffffc00000000bc: 0000 [#1] PREEMPT SMP KASAN PTI
KASAN: null-ptr-deref in range [0x00000000000005e0-0x00000000000005e7]
CPU: 0 PID: 11237 Comm: syz-executor.3 Not tainted 6.10.0-rc2-syzkaller-00249-gbe27b8965297 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
RIP: 0010:fib6_nh_init+0x640/0x2160 net/ipv6/route.c:3606
Code: 00 00 fc ff df 4c 8b 64 24 58 48 8b 44 24 28 4c 8b 74 24 30 48 89 c1 48 89 44 24 28 48 8d 98 e0 05 00 00 48 89 d8 48 c1 e8 03 <42> 0f b6 04 38 84 c0 0f 85 b3 17 00 00 8b 1b 31 ff 89 de e8 b8 8b
RSP: 0018:ffffc900032775a0 EFLAGS: 00010202
RAX: 00000000000000bc RBX: 00000000000005e0 RCX: 0000000000000000
RDX: 0000000000000010 RSI: ffffc90003277a54 RDI: ffff88802b3a08d8
RBP: ffffc900032778b0 R08: 00000000000002fc R09: 0000000000000000
R10: 00000000000002fc R11: 0000000000000000 R12: ffff88802b3a08b8
R13: 1ffff9200064eec8 R14: ffffc90003277a00 R15: dffffc0000000000
FS:  00007f940feb06c0(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 00000000245e8000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 ip6_route_info_create+0x99e/0x12b0 net/ipv6/route.c:3809
 ip6_route_add+0x28/0x160 net/ipv6/route.c:3853
 ipv6_route_ioctl+0x588/0x870 net/ipv6/route.c:4483
 inet6_ioctl+0x21a/0x280 net/ipv6/af_inet6.c:579
 sock_do_ioctl+0x158/0x460 net/socket.c:1222
 sock_ioctl+0x629/0x8e0 net/socket.c:1341
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:907 [inline]
 __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:893
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f940f07cea9
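The defect in the call chain above is a missing NULL check on the result of in6_dev_get() before its first field access. The following is an added, user-space model of that pattern (not kernel code and not the upstream patch): the struct layouts, field names, return codes and the exact shape of the check are assumptions that mirror the trace, with the unpatched shape kept beside the hardened one for contrast.

```c
/* Added example, not kernel code: a user-space model of the NULL-check
 * pattern behind this fix. Struct layouts, field names, return codes and
 * the exact check are assumptions that mirror the call chain in the trace. */
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>

struct inet6_dev_model { bool disable_ipv6; };     /* ~ idev->cnf.disable_ipv6 */
struct net_device_model {                           /* ~ struct net_device     */
    const char *name;
    struct inet6_dev_model *ip6_ptr;                /* NULL: no IPv6 state     */
};

/* Model of in6_dev_get(): returns NULL when the device carries no IPv6 state. */
struct inet6_dev_model *in6_dev_get_model(const struct net_device_model *dev)
{
    return dev ? dev->ip6_ptr : NULL;
}

/* Pre-fix shape: idev is dereferenced unconditionally, which is the
 * null-ptr-deref KASAN reports. Kept for contrast; never call it for a
 * device without IPv6 state. */
int nh_check_unpatched(const struct net_device_model *dev)
{
    struct inet6_dev_model *idev = in6_dev_get_model(dev);
    if (idev->disable_ipv6)                        /* faults when idev == NULL */
        return -EACCES;
    return 0;
}

/* Hardened shape: validate the pointer before the first field access. */
int nh_check_patched(const struct net_device_model *dev)
{
    struct inet6_dev_model *idev = in6_dev_get_model(dev);
    if (!idev)                                     /* the missing check        */
        return -ENODEV;
    if (idev->disable_ipv6)
        return -EACCES;
    return 0;
}

/* Builds a constructed sample device and runs the patched check on it. */
int check_nexthop_device(bool has_ipv6, bool disable_ipv6)
{
    struct inet6_dev_model idev = { .disable_ipv6 = disable_ipv6 };
    struct net_device_model dev = { "nh0", has_ipv6 ? &idev : NULL };
    return nh_check_patched(&dev);
}
```

With the check in place a nexthop device that has no IPv6 state is rejected with an error code instead of faulting the kernel.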

AI-Powered Analysis

Last updated: 06/29/2025, 02:54:46 UTC

Technical Analysis

CVE-2024-40961 is a vulnerability identified in the Linux kernel's IPv6 networking stack, specifically within the fib6_nh_init() function responsible for initializing IPv6 next-hop routing information. The root cause is a potential NULL pointer dereference due to the function in6_dev_get() returning NULL, which is not properly checked before use. This leads to a general protection fault (kernel panic) when the kernel attempts to access memory through a NULL pointer. The vulnerability manifests when handling non-canonical IPv6 addresses, causing the kernel to crash. The stack trace indicates the fault occurs during IPv6 route initialization and ioctl operations related to IPv6 routing. This vulnerability can be triggered by crafted IPv6 routing requests or ioctl calls, potentially by local users or processes interacting with the network stack. The issue was discovered and reported by syzbot, a kernel fuzzing tool, highlighting the importance of automated testing in identifying such critical flaws. Although no CVSS score is assigned yet, the vulnerability is significant because it can cause denial of service by crashing the kernel, impacting system availability. The vulnerability affects Linux kernel versions prior to the patch that addresses the NULL pointer dereference in fib6_nh_init(). No known exploits are currently reported in the wild, but the nature of the flaw makes it a candidate for exploitation in environments where untrusted users have the ability to influence IPv6 routing configurations or send crafted ioctl requests.

Potential Impact

For European organizations, the impact of CVE-2024-40961 can be substantial, especially for those relying heavily on Linux-based infrastructure for critical services, including cloud providers, telecommunications, financial institutions, and government agencies. A successful exploitation leads to kernel crashes causing denial of service, which can disrupt network connectivity and availability of services. This is particularly critical in environments using IPv6 extensively, such as modern data centers and ISPs. The vulnerability could be exploited by malicious insiders or attackers who gain limited access to systems, potentially escalating disruption without needing full administrative privileges. The downtime caused by kernel panics can lead to operational interruptions, financial losses, and reputational damage. Additionally, recovery from such crashes may require manual intervention or system reboots, increasing operational overhead. Given the widespread use of Linux in European IT infrastructure, the vulnerability poses a risk to a broad range of sectors, including critical infrastructure and public services.

Mitigation Recommendations

1. Immediate application of the official Linux kernel patch that fixes the NULL pointer dereference in fib6_nh_init() is the most effective mitigation. Organizations should prioritize updating to the latest stable kernel versions that include this fix.
2. For environments where immediate patching is not feasible, restrict access to IPv6 routing configuration interfaces and ioctl calls to trusted administrators only, minimizing the risk of exploitation by unprivileged users.
3. Implement network segmentation and strict firewall rules to limit exposure of vulnerable systems to untrusted networks, especially where IPv6 traffic is involved.
4. Monitor system logs and kernel crash reports for signs of exploitation attempts or unusual IPv6 routing activity.
5. Employ kernel hardening techniques such as Kernel Address Sanitizer (KASAN) and other runtime protections to detect and prevent memory corruption issues.
6. Conduct thorough testing of kernel updates in staging environments before deployment to production to ensure stability and compatibility.
7. Educate system administrators about the vulnerability and the importance of timely patching and secure configuration of IPv6 networking components.


Technical Details

Data Version
5.1
Assigner Short Name
Linux
Date Reserved
2024-07-12T12:17:45.594Z
Cisa Enriched
true
Cvss Version
null
State
PUBLISHED

Threat ID: 682d9827c4522896dcbe14e0

Added to database: 5/21/2025, 9:08:55 AM

Last enriched: 6/29/2025, 2:54:46 AM

Last updated: 8/1/2025, 6:18:17 PM

