CVE-2024-46770: Vulnerability in Linux Linux

High
Published: Wed Sep 18 2024 (09/18/2024, 07:12:28 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

ice: Add netif_device_attach/detach into PF reset flow

Ethtool callbacks can be executed while reset is in progress and try to access deleted resources, e.g. getting coalesce settings can result in a NULL pointer dereference seen below.

Reproduction steps:
Once the driver is fully initialized, trigger reset:

    # echo 1 > /sys/class/net/<interface>/device/reset

when reset is in progress try to get coalesce settings using ethtool:

    # ethtool -c <interface>

    BUG: kernel NULL pointer dereference, address: 0000000000000020
    PGD 0 P4D 0
    Oops: Oops: 0000 [#1] PREEMPT SMP PTI
    CPU: 11 PID: 19713 Comm: ethtool Tainted: G S 6.10.0-rc7+ #7
    RIP: 0010:ice_get_q_coalesce+0x2e/0xa0 [ice]
    RSP: 0018:ffffbab1e9bcf6a8 EFLAGS: 00010206
    RAX: 000000000000000c RBX: ffff94512305b028 RCX: 0000000000000000
    RDX: 0000000000000000 RSI: ffff9451c3f2e588 RDI: ffff9451c3f2e588
    RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
    R10: ffff9451c3f2e580 R11: 000000000000001f R12: ffff945121fa9000
    R13: ffffbab1e9bcf760 R14: 0000000000000013 R15: ffffffff9e65dd40
    FS: 00007faee5fbe740(0000) GS:ffff94546fd80000(0000) knlGS:0000000000000000
    CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    CR2: 0000000000000020 CR3: 0000000106c2e005 CR4: 00000000001706f0
    Call Trace:
    <TASK>
    ice_get_coalesce+0x17/0x30 [ice]
    coalesce_prepare_data+0x61/0x80
    ethnl_default_doit+0xde/0x340
    genl_family_rcv_msg_doit+0xf2/0x150
    genl_rcv_msg+0x1b3/0x2c0
    netlink_rcv_skb+0x5b/0x110
    genl_rcv+0x28/0x40
    netlink_unicast+0x19c/0x290
    netlink_sendmsg+0x222/0x490
    __sys_sendto+0x1df/0x1f0
    __x64_sys_sendto+0x24/0x30
    do_syscall_64+0x82/0x160
    entry_SYSCALL_64_after_hwframe+0x76/0x7e
    RIP: 0033:0x7faee60d8e27

Calling netif_device_detach() before reset makes the net core not call the driver when ethtool command is issued, the attempt to execute an ethtool command during reset will result in the following message:

    netlink error: No such device

instead of NULL pointer dereference. Once reset is done and ice_rebuild() is executing, the netif_device_attach() is called to allow for ethtool operations to occur again in a safe manner.

AI-Powered Analysis

Last updated: 06/29/2025, 01:26:27 UTC

Technical Analysis

CVE-2024-46770 is a vulnerability in the Linux kernel affecting the ice network driver, which is used for Intel Ethernet devices. The issue arises during the device reset process. Specifically, the vulnerability is triggered when ethtool callbacks are executed while a network device reset is in progress. During this reset, certain resources are deleted, but ethtool commands such as retrieving coalesce settings may still attempt to access these now-invalid resources. This leads to a NULL pointer dereference in the kernel, causing a kernel oops (crash) and potentially destabilizing the system.

The root cause is that the netif_device_attach/detach calls were not properly integrated into the device reset flow, allowing ethtool operations to run concurrently with device reset without proper synchronization. The vulnerability can be reproduced by triggering a reset on the network interface via the sysfs interface and simultaneously issuing an ethtool command to get coalesce settings, resulting in a kernel crash. The fix involves calling netif_device_detach before reset to prevent ethtool commands from accessing the device during reset, which causes ethtool to return a "No such device" error instead of causing a NULL pointer dereference. After reset, netif_device_attach is called to restore normal operation.

This vulnerability does not require user interaction beyond issuing commands on the system and does not require authentication if the attacker has local access. There are no known exploits in the wild at the time of publication. The vulnerability affects Linux kernel versions containing the ice driver prior to the patch, notably kernel 6.10.0-rc7+ as referenced in the report. The impact is a denial of service via kernel crash, which could be leveraged for local privilege escalation or disruption of network services.

Potential Impact

For European organizations, this vulnerability poses a risk primarily to servers and network infrastructure running vulnerable Linux kernels with Intel ice network drivers. Many enterprises, data centers, and cloud providers in Europe rely on Linux-based systems for critical network functions. A kernel crash induced by this vulnerability could lead to denial of service, disrupting network connectivity and impacting business operations. In environments where high availability and uptime are critical, such as financial institutions, telecommunications, and government networks, this could cause significant operational and reputational damage. Additionally, if exploited by a malicious insider or attacker with local access, it could be used as a stepping stone for privilege escalation or further compromise. Although remote exploitation is unlikely without local access, the widespread use of Linux in European infrastructure means that the vulnerability could be leveraged in targeted attacks or insider threat scenarios. The lack of known exploits reduces immediate risk but does not eliminate the potential for future exploitation once the vulnerability details are public.

Mitigation Recommendations

European organizations should prioritize updating their Linux kernels to versions that include the patch for CVE-2024-46770. Specifically, ensure that the ice driver reset flow includes netif_device_attach/detach calls as per the fix. System administrators should audit their network devices to identify those using the Intel ice driver and verify kernel versions. In environments where immediate patching is not feasible, temporary mitigation includes restricting local user access to systems running vulnerable kernels to prevent unauthorized ethtool commands during device resets. Monitoring kernel logs for oops or crashes related to the ice driver can help detect attempted exploitation. Additionally, organizations should implement strict access controls and limit the ability to execute ethtool commands to trusted administrators only. Network segmentation can reduce the risk of lateral movement if a system is compromised. Finally, coordinate with Linux distribution vendors and apply security updates promptly as they become available.
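
One way to do the kernel-log monitoring recommended above, as an added example that is not part of the original advisory or the kernel project: a parser that groups oops reports and flags those whose faulting kernel function is in the ice module. The oops lines in the sample come from the trace in the description; the timestamps and the first log line are constructed, and the function names are this example's own.

```python
import re

# Sample kernel log: oops lines are from the trace in the description above;
# the timestamps and the first (unrelated) line are constructed.
SAMPLE_LOG = """\
[  101.000001] example: unrelated constructed line
[  245.318812] BUG: kernel NULL pointer dereference, address: 0000000000000020
[  245.318830] Oops: Oops: 0000 [#1] PREEMPT SMP PTI
[  245.318841] CPU: 11 PID: 19713 Comm: ethtool Tainted: G S 6.10.0-rc7+ #7
[  245.318850] RIP: 0010:ice_get_q_coalesce+0x2e/0xa0 [ice]
[  245.318900] Call Trace:
[  245.318910]  ice_get_coalesce+0x17/0x30 [ice]
[  245.318920]  ethnl_default_doit+0xde/0x340
[  245.318990] RIP: 0033:0x7faee60d8e27
"""

TS = re.compile(r"^\[\s*\d+\.\d+\]\s*")  # dmesg timestamp prefix
BUG = re.compile(r"^BUG: (?P<what>.+?)(?:, address: (?P<addr>[0-9a-f]+))?$")
COMM = re.compile(r"\bPID: (?P<pid>\d+) Comm: (?P<comm>\S+)")
# Kernel-mode RIP only (code segment 0010); the user-mode RIP (0033) is ignored.
RIP = re.compile(
    r"^RIP: 0010:(?P<sym>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(?P<mod>\w+)\])?"
)

def find_oopses(text):
    """Group each 'BUG:' report; record faulting process, symbol and module."""
    reports, cur = [], None
    for raw in text.splitlines():
        line = TS.sub("", raw).strip()
        if m := BUG.match(line):
            cur = dict(bug=m["what"], addr=m["addr"], comm=None, pid=None,
                       symbol=None, module=None)
            reports.append(cur)
        elif cur is None:
            continue  # nothing to attach this line to yet
        elif (m := COMM.search(line)) and cur["comm"] is None:
            cur["comm"], cur["pid"] = m["comm"], int(m["pid"])
        elif (m := RIP.match(line)) and cur["symbol"] is None:
            cur["symbol"], cur["module"] = m["sym"], m["mod"]
    return reports

def ice_faults(reports):
    """Keep only oopses whose faulting kernel function lives in the ice module."""
    return [r for r in reports if r["module"] == "ice"]

if __name__ == "__main__":
    for r in ice_faults(find_oopses(SAMPLE_LOG)):
        print(f"{r['bug']} in {r['symbol']} [ice], pid {r['pid']} ({r['comm']})")
```
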


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-09-11T15:12:18.274Z
Cisa Enriched: true
Cvss Version: null
State: PUBLISHED

Threat ID: 682d9826c4522896dcbe124b

Added to database: 5/21/2025, 9:08:54 AM

Last enriched: 6/29/2025, 1:26:27 AM

Last updated: 8/16/2025, 12:05:47 AM
