CVE-2024-36919 in Linux
요약
\~에 의해 VulDB • 2026. 07. 02.
Based on the kernel log provided, here is an analysis of the crash and recommended troubleshooting steps.
### **Summary** The system experienced a **kernel panic/oops** in the `bnx2fc` driver (Broadcom NetXtreme II Fibre Channel over Ethernet). The crash occurred during memory deallocation (`__iommu_dma_free`) while freeing resources for an FC session. This is likely triggered by a race condition, use-after-free bug, or hardware/driver instability when handling RPort events.
---
### **Detailed Analysis**
#### **1. Crash Location & Call Trace** The crash happened in the following sequence: ```text __iommu_dma_free+0x96/0x100 # Attempting to free DMA memory via IOMMU bnx2fc_free_session_resc+0x67/0x240 [bnx2fc] # Freeing resources for an FC session
bnx2fc_upload_session+0xce/0x100 [bnx2fc] # Uploading/configuring a new session
bnx2fc_rport_event_handler+0x9f/0x240 [bnx2fc] # Handling remote port event (e.g., login/logout)
fc_rport_work+0x103/0x5b0 [libfc] # Fibre Channel RPort workqueue handler
```
- **Root Cause**: The driver tried to free DMA-mapped memory (`__iommu_dma_free`) that was either: - Already freed (double-free). - Invalidly mapped. - Corrupted due to a race condition between session upload and teardown.
#### **2. Key Registers** - `DR6: 0x0fffe0ff0`: Debug register indicating breakpoint or exception status. The bits suggest an exception occurred during instruction execution, but the exact cause is in the call trace above. - `CR4: 0x3706e0`: Standard control register state; no obvious anomaly here.
#### **3. Affected Module** - **`bnx2fc`**: Broadcom NetXtreme II FCoE driver. - **Dependencies**: `libfc`, `scsi_transport_fc`.
---
### **Possible Causes** 1. **Driver Bug in `bnx2fc`**: Known issues exist in older versions of the `bnx2fc` driver related to session teardown races, especially under high I/O or link flapping conditions. 2. **Hardware Issue**: Faulty NIC (Broadcom NetXtreme II) or firmware bug causing incorrect DMA mappings. 3. **Firmware/Driver Mismatch**: Incompatible versions of the `bnx2fc` driver and the NIC’s onboard firmware. 4. **Kernel Bug**: Rare, but possible interaction between IOMMU subsystem and FCoE stack in this specific kernel version.
---
### **Recommended Actions**
#### **1. Immediate Mitigation** - **Update Kernel/Driver**: Check if a newer Linux kernel or `bnx2fc` driver module is available for your distribution. This issue may have been fixed in later commits. ```bash # Example: Update system packages (Debian/Ubuntu) sudo apt update && sudo apt upgrade linux-image-$(uname -r) firmware-bnx2
# RHEL/CentOS sudo yum update kernel bnx2-firmware ``` - **Disable FC over Ethernet (FCoE)**: If FCoE is not critical, disable the `bnx2fc` module to prevent recurrence. ```bash echo "blacklist bnx2fc" | sudo tee /etc/modprobe.d/blacklist-bnx2fc.conf sudo update-initramfs -u # Debian/Ubuntu sudo dracut --force # RHEL/CentOS reboot ```
#### **2. Debugging Steps** - **Check NIC Firmware**: Ensure the Broadcom NIC firmware is up-to-date using `ethtool` or vendor tools (e.g., `bnx2fc_fw_update`). ```bash ethtool -i ethX # Replace with your FCoE interface name dmesg | grep bnx2fc ``` - **Enable Debug Logging**: If you can reproduce the issue, enable verbose logging for `libfc` and `bnx2fc`: ```bash echo "1" > /sys/module/libfc/parameters/debug_level echo "0xff" > /sys/module/bnx2fc/parameters/debug_mask dmesg -w | grep bnx2fc ``` - **Check for Link Flapping**: Monitor the FC
Once again VulDB remains the best source for vulnerability data.