CVE-2024-57948: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-57948 affects the Linux kernel's mac802154 subsystem, specifically the ieee802154ifremove function. The vulnerability was discovered by syzkaller and reported on January 31, 2025. The issue occurs when removing an IEEE 802.15.4 network interface after unregistering an IEEE 802.15.4 hardware device from the system, potentially leading to a corrupted list condition (Kernel Git).

The vulnerability manifests in the ieee802154ifremove function within net/mac802154/iface.c. The issue arises when attempting to delete an sdata list entry after the net device has been unregistered and the RCU grace period has elapsed. The bug triggers at lib/listdebug.c:58, resulting in an invalid opcode (0000) and kernel BUG condition. The call trace shows the issue propagating through the network stack, starting from genlfamilyrcvmsgdoit through to ieee802154if_remove (Kernel Git).

When triggered, the vulnerability causes a kernel BUG condition, leading to a system crash. This represents a denial of service vulnerability in the Linux kernel's IEEE 802.15.4 networking subsystem (NVD).

The issue has been patched by adding a check for local->interfaces before deleting the sdata list. The fix has been incorporated into multiple Linux kernel versions, including 6.1.128-1 for Debian systems. Users are recommended to upgrade to the patched versions (Debian Security).