CVE-2024-46679: Vulnerability in Linux Linux

Medium
Published: Fri Sep 13 2024 (09/13/2024, 05:29:13 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

ethtool: check device is present when getting link settings

A sysfs reader can race with a device reset or removal, attempting to read device state when the device is not actually present. eg:

        [exception RIP: qed_get_current_link+17]
     #8 [ffffb9e4f2907c48] qede_get_link_ksettings at ffffffffc07a994a [qede]
     #9 [ffffb9e4f2907cd8] __rh_call_get_link_ksettings at ffffffff992b01a3
    #10 [ffffb9e4f2907d38] __ethtool_get_link_ksettings at ffffffff992b04e4
    #11 [ffffb9e4f2907d90] duplex_show at ffffffff99260300
    #12 [ffffb9e4f2907e38] dev_attr_show at ffffffff9905a01c
    #13 [ffffb9e4f2907e50] sysfs_kf_seq_show at ffffffff98e0145b
    #14 [ffffb9e4f2907e68] seq_read at ffffffff98d902e3
    #15 [ffffb9e4f2907ec8] vfs_read at ffffffff98d657d1
    #16 [ffffb9e4f2907f00] ksys_read at ffffffff98d65c3f
    #17 [ffffb9e4f2907f38] do_syscall_64 at ffffffff98a052fb

    crash> struct net_device.state ffff9a9d21336000
      state = 5,

state 5 is __LINK_STATE_START (0b1) and __LINK_STATE_NOCARRIER (0b100). The device is not present, note lack of __LINK_STATE_PRESENT (0b10).

This is the same sort of panic as observed in commit 4224cfd7fb65 ("net-sysfs: add check for netdevice being present to speed_show").

There are many other callers of __ethtool_get_link_ksettings() which don't have a device presence check.

Move this check into ethtool to protect all callers.

AI-Powered Analysis

Last updated: 06/29/2025, 00:11:09 UTC

Technical Analysis

CVE-2024-46679 is a vulnerability identified in the Linux kernel's ethtool interface, specifically related to how the system handles device presence checks when retrieving link settings. The vulnerability arises because the ethtool subsystem does not adequately verify whether a network device is actually present before attempting to read its link state. This can lead to a race condition where a sysfs reader attempts to access device state information while the device is being reset or removed. The race condition can cause the kernel to dereference invalid pointers or access stale device state, resulting in a kernel panic or system crash. The vulnerability is exemplified by the function call stack involving qed_get_current_link and __ethtool_get_link_ksettings, where the device state lacks the __LINK_STATE_PRESENT flag, indicating the device is not present. This issue is similar to a previously addressed panic caused by missing device presence checks in net-sysfs. The fix involves moving the device presence check into the ethtool core code to ensure all callers verify device presence before accessing link settings, thus preventing the race condition and potential kernel panic. This vulnerability affects multiple versions of the Linux kernel identified by the commit hash d519e17e2d01a0ee9abe083019532061b4438065 and was published on September 13, 2024. No known exploits are currently reported in the wild.
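The presence check described above, modelled in userspace C as an added example (this is not the kernel patch and not code from this page): the core helper is shown once without the check and once with it, using the state value 5 from the crash dump. The struct and function names are hypothetical, the driver callback counts the faulting read instead of crashing, and the -ENODEV return value is an assumption of the model.

```c
/* Userspace model, not kernel source. Bit positions match the masks quoted in the description. */
#include <errno.h>
#include <stdio.h>
enum { LINK_STATE_START = 0, LINK_STATE_PRESENT = 1, LINK_STATE_NOCARRIER = 2 };

struct model_hw { int duplex; };    /* stands in for driver-private state */
struct model_netdev {
    unsigned long state;            /* plays the role of net_device.state */
    struct model_hw *hw;            /* NULL while the device is reset or removed */
    int stale_reads;                /* reads that would have faulted in a real driver */
};

static int device_present(const struct model_netdev *dev)
{
    return (int)((dev->state >> LINK_STATE_PRESENT) & 1UL);
}

/* Driver callback: in a real driver this dereference is the crash site. */
static int model_driver_get_link(struct model_netdev *dev, int *duplex)
{
    if (!dev->hw) {                 /* the model records the fault instead of crashing */
        dev->stale_reads++;
        return 0;
    }
    *duplex = dev->hw->duplex;
    return 0;
}

/* Before: the core trusts every caller to have checked presence. */
static int get_link_settings_unchecked(struct model_netdev *dev, int *duplex)
{
    return model_driver_get_link(dev, duplex);
}

/* After: one check in the core covers every caller. */
static int get_link_settings_checked(struct model_netdev *dev, int *duplex)
{
    if (!device_present(dev))
        return -ENODEV;             /* error code is an assumption of this model */
    return model_driver_get_link(dev, duplex);
}

int main(void)
{
    struct model_netdev gone = { .state = 5 };  /* START | NOCARRIER, no PRESENT */
    int duplex = -1;
    get_link_settings_unchecked(&gone, &duplex);
    printf("unchecked: stale reads=%d\n", gone.stale_reads);
    printf("checked: rc=%d\n", get_link_settings_checked(&gone, &duplex));
    return 0;
}
```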

Potential Impact

For European organizations, this vulnerability poses a risk primarily to systems running affected Linux kernel versions, especially those utilizing network devices managed via ethtool. The impact includes potential denial of service (DoS) through kernel panics triggered by race conditions when querying network device link settings. This could disrupt critical network infrastructure, servers, and cloud environments relying on Linux, leading to service outages and operational downtime. Confidentiality and integrity are less directly impacted since the vulnerability does not enable privilege escalation or arbitrary code execution. However, availability degradation can have cascading effects on business continuity, especially for sectors dependent on stable network connectivity such as finance, telecommunications, healthcare, and government services. The absence of known exploits reduces immediate risk, but the ease of triggering kernel panics via sysfs reads suggests that attackers with local access or the ability to induce device resets could exploit this vulnerability. European organizations with large-scale Linux deployments, including data centers and cloud providers, should consider this a moderate risk to system stability and availability.

Mitigation Recommendations

To mitigate CVE-2024-46679, European organizations should prioritize applying the official Linux kernel patches that introduce device presence checks within the ethtool subsystem. Kernel upgrades to versions containing the fix (post commit d519e17e2d01a0ee9abe083019532061b4438065) are essential. Organizations should also audit and restrict access to sysfs interfaces related to network devices to limit the ability of unprivileged users or processes to trigger the race condition. Implementing strict access controls and monitoring for unusual sysfs read activity can help detect exploitation attempts. For environments where immediate patching is not feasible, consider isolating critical network devices or employing kernel lockdown features to reduce the attack surface. Additionally, maintain robust system monitoring and alerting to quickly identify kernel panics or unexpected reboots that may indicate exploitation attempts. Coordination with Linux distribution vendors for timely updates and testing patches in staging environments before production deployment is recommended to ensure stability.

Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-09-11T15:12:18.248Z
Cisa Enriched: true
Cvss Version: null
State: PUBLISHED

Threat ID: 682d9826c4522896dcbe0f84

Added to database: 5/21/2025, 9:08:54 AM

Last enriched: 6/29/2025, 12:11:09 AM

Last updated: 8/16/2025, 12:42:48 AM
