CVE-2024-56649: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

net: enetc: Do not configure preemptible TCs if SIs do not support

Both ENETC PF and VF drivers share enetc_setup_tc_mqprio() to configure MQPRIO. And enetc_setup_tc_mqprio() calls enetc_change_preemptible_tcs() to configure preemptible TCs. However, only PF is able to configure preemptible TCs. Because only PF has related registers, while VF does not have these registers. So for VF, its hw->port pointer is NULL. Therefore, VF will access an invalid pointer when accessing a non-existent register, which will cause a crash issue. The simplified log is as follows.

    root@ls1028ardb:~# tc qdisc add dev eno0vf0 parent root handle 100: \
    mqprio num_tc 4 map 0 0 1 1 2 2 3 3 queues 1@0 1@1 1@2 1@3 hw 1
    [ 187.290775] Unable to handle kernel paging request at virtual address 0000000000001f00
    [ 187.424831] pc : enetc_mm_commit_preemptible_tcs+0x1c4/0x400
    [ 187.430518] lr : enetc_mm_commit_preemptible_tcs+0x30c/0x400
    [ 187.511140] Call trace:
    [ 187.513588] enetc_mm_commit_preemptible_tcs+0x1c4/0x400
    [ 187.518918] enetc_setup_tc_mqprio+0x180/0x214
    [ 187.523374] enetc_vf_setup_tc+0x1c/0x30
    [ 187.527306] mqprio_enable_offload+0x144/0x178
    [ 187.531766] mqprio_init+0x3ec/0x668
    [ 187.535351] qdisc_create+0x15c/0x488
    [ 187.539023] tc_modify_qdisc+0x398/0x73c
    [ 187.542958] rtnetlink_rcv_msg+0x128/0x378
    [ 187.547064] netlink_rcv_skb+0x60/0x130
    [ 187.550910] rtnetlink_rcv+0x18/0x24
    [ 187.554492] netlink_unicast+0x300/0x36c
    [ 187.558425] netlink_sendmsg+0x1a8/0x420
    [ 187.606759] ---[ end trace 0000000000000000 ]---

In addition, some PFs also do not support configuring preemptible TCs, such as eno1 and eno3 on LS1028A. It won't crash like it does for VFs, but we should prevent these PFs from accessing these unimplemented registers.
AI Analysis
Technical Summary
CVE-2024-56649 is a vulnerability in the Linux kernel's ENETC (Ethernet Controller) driver, affecting the configuration of preemptible Traffic Classes (TCs) during mqprio queuing discipline setup.

Both the Physical Function (PF) and Virtual Function (VF) drivers share enetc_setup_tc_mqprio() to configure MQPRIO, and that function calls enetc_change_preemptible_tcs() to configure preemptible TCs. Only the PF has the hardware registers needed for preemptible TCs. The VF lacks them, so its hw->port pointer is NULL. When the VF driver tries to access these non-existent registers, a NULL pointer dereference occurs and the kernel crashes. The kernel log shows this as an invalid memory access at virtual address 0000000000001f00 (a small offset from a NULL base) during the execution of enetc_mm_commit_preemptible_tcs(), reached through enetc_vf_setup_tc().

Some PFs, such as eno1 and eno3 on the LS1028A platform, do not support configuring preemptible TCs either. These PFs do not crash, but they should still be prevented from accessing the unimplemented registers to avoid instability.

The vulnerability can be triggered by a network administrator or attacker with the ability to configure traffic control (tc) settings on affected network interfaces, specifically by issuing commands to add mqprio qdiscs with preemptible TCs on VF devices. The root cause is a lack of validation and differentiation between PF and VF capabilities in the driver code, leading to unsafe memory access in kernel space.

No known exploits are reported in the wild, and no CVSS score has been assigned yet. The vulnerability affects Linux kernel versions containing the affected commit (hash 827145392a4aad635b93e5235b7d7fecc2fa31c7) and likely impacts systems using ENETC network controllers with VF support, commonly found in embedded or specialized networking hardware platforms such as LS1028A.
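To recognise the crash signature described above in collected kernel logs, the following added example (not code from the kernel or from this advisory) groups oops lines and flags those whose faulting `pc` is `enetc_mm_commit_preemptible_tcs`. The function names `summarize` and `find_enetc_preempt_oops`, the 0x10000 "near NULL" threshold, and the first sample line are assumptions made for illustration; the remaining sample lines are taken from the log in the description.

```python
import re

# Constructed input: oops lines quoted in the description, after one unrelated line.
SAMPLE_DMESG = """\
[ 180.000000] (constructed) unrelated kernel message
[ 187.290775] Unable to handle kernel paging request at virtual address 0000000000001f00
[ 187.424831] pc : enetc_mm_commit_preemptible_tcs+0x1c4/0x400
[ 187.430518] lr : enetc_mm_commit_preemptible_tcs+0x30c/0x400
[ 187.511140] Call trace:
[ 187.513588] enetc_mm_commit_preemptible_tcs+0x1c4/0x400
[ 187.518918] enetc_setup_tc_mqprio+0x180/0x214
[ 187.523374] enetc_vf_setup_tc+0x1c/0x30
[ 187.606759] ---[ end trace 0000000000000000 ]---
"""

FAULT = re.compile(r"Unable to handle kernel .* at virtual address ([0-9a-f]+)")
PC = re.compile(r"\bpc : (\w+)\+0x")
FRAME = re.compile(r"^\[\s*[\d.]+\]\s+(\w+)\+0x[0-9a-f]+/0x[0-9a-f]+\s*$")
END = re.compile(r"---\[ end trace")

def summarize(oops):
    """Return a finding if the oops faulted in the ENETC preemptible-TC path."""
    if oops["pc"] != "enetc_mm_commit_preemptible_tcs":
        return None
    return {
        "fault_addr": oops["addr"],
        "near_null": oops["addr"] < 0x10000,  # assumed cut-off: NULL base + offset
        "via_mqprio": "enetc_setup_tc_mqprio" in oops["frames"],
        "via_vf": "enetc_vf_setup_tc" in oops["frames"],
    }

def find_enetc_preempt_oops(dmesg_text):
    findings, cur = [], None
    # The sentinel line flushes an oops whose end marker was cut off.
    for line in dmesg_text.splitlines() + ["---[ end trace (flush) ]---"]:
        if (m := FAULT.search(line)):
            if cur and (hit := summarize(cur)):
                findings.append(hit)
            cur = {"addr": int(m.group(1), 16), "pc": None, "frames": []}
        elif cur is None:
            continue
        elif (m := PC.search(line)):
            cur["pc"] = m.group(1)
        elif (m := FRAME.match(line)):
            cur["frames"].append(m.group(1))
        elif END.search(line):
            if (hit := summarize(cur)):
                findings.append(hit)
            cur = None
    return findings
```

A finding with `via_vf` set points at the VF path from the description; `via_mqprio` without `via_vf` would indicate the same code reached from a PF.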
Potential Impact
For European organizations, the impact of CVE-2024-56649 depends on their deployment of Linux systems utilizing ENETC network controllers with VF capabilities. The vulnerability can cause kernel crashes, leading to denial of service (DoS) conditions on affected hosts. This can disrupt critical network functions, especially in environments relying on virtualized network functions or containerized workloads where VF devices are used for performance and isolation. Industries such as telecommunications, cloud service providers, and enterprises with advanced networking infrastructure may be particularly affected if they use hardware platforms like LS1028A or similar that incorporate ENETC controllers. A kernel crash can result in service outages, data loss, and operational downtime, impacting business continuity and potentially violating regulatory requirements for availability and resilience. Since exploitation requires local administrative privileges to configure traffic control settings, the threat is mitigated somewhat by access controls. However, insider threats or compromised administrative accounts could leverage this vulnerability to cause disruption. Additionally, automated orchestration or configuration management tools that apply network settings could inadvertently trigger the crash if not updated. Overall, the vulnerability poses a medium risk to European organizations with relevant hardware and Linux kernel versions, primarily through DoS attacks affecting network stability and availability.
Mitigation Recommendations
1. Apply the official Linux kernel patches that address this vulnerability by adding proper checks to prevent VF drivers from accessing unimplemented registers and disabling preemptible TC configuration on unsupported PFs.
2. Audit and restrict administrative access to systems with ENETC network controllers to minimize the risk of unauthorized or accidental triggering of the vulnerability via traffic control commands.
3. Implement monitoring of kernel logs and network configuration changes to detect attempts to add mqprio qdiscs with preemptible TCs on VF devices.
4. For environments using orchestration or automation tools, update scripts and configurations to avoid applying mqprio settings that enable preemptible TCs on VF interfaces.
5. If patching is not immediately possible, consider disabling or avoiding the use of VF devices on affected hardware or refrain from configuring preemptible TCs until a fix is applied.
6. Engage with hardware vendors to confirm the presence of ENETC controllers and obtain guidance or firmware updates that may complement kernel patches.
7. Conduct thorough testing in staging environments before deploying network configuration changes to production systems to prevent inadvertent crashes.
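For recommendations 4 and 5, an automation pipeline can vet `tc` arguments before running them on an unpatched host. The following is an added example, not part of the kernel fix or of this advisory: the function names, the `sysfs_root` parameter and the operator-supplied `unsupported_pfs` list are hypothetical, and it conservatively refuses any mqprio hardware offload on a VF because the logged command crashed with only `hw 1` set.

```python
import os

def is_sriov_vf(ifname, sysfs_root="/sys"):
    """A PCI virtual function exposes a 'physfn' link to its parent PF in sysfs."""
    return os.path.exists(
        os.path.join(sysfs_root, "class", "net", ifname, "device", "physfn"))

def requests_mqprio_offload(tc_args):
    """True if the tc argument list asks for mqprio with hardware offload."""
    if "mqprio" not in tc_args:
        return False
    opts = tc_args[tc_args.index("mqprio") + 1:]
    if "hw" in opts:
        i = opts.index("hw")
        # A missing value is treated as offload so the check fails safe.
        return i + 1 >= len(opts) or opts[i + 1] != "0"
    return True  # tc-mqprio(8): hw defaults to 1 when omitted

def check_tc_command(tc_args, sysfs_root="/sys", unsupported_pfs=()):
    """Return (allowed, reason) for a tokenised 'tc' argument list."""
    if not requests_mqprio_offload(tc_args):
        return True, "no mqprio hardware offload requested"
    if "dev" not in tc_args[:-1]:
        return False, "cannot determine target device"
    ifname = tc_args[tc_args.index("dev") + 1]
    if is_sriov_vf(ifname, sysfs_root):
        return False, f"{ifname} is a VF: mqprio offload refused until patched"
    if ifname in unsupported_pfs:
        return False, f"{ifname} is listed as a PF without preemptible TC support"
    return True, f"{ifname} is not a VF and not on the unsupported list"
```

On LS1028A the advisory names eno1 and eno3 as PFs without preemptible TC support, so those would go in `unsupported_pfs`.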
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Poland, Italy
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-12-27T15:00:39.840Z
- Cisa Enriched: false
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9822c4522896dcbde466
Added to database: 5/21/2025, 9:08:50 AM
Last enriched: 6/28/2025, 6:40:04 AM
Last updated: 7/31/2025, 9:08:55 AM