CVE-2024-46784

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-46784
In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup Currently napi_disable() gets called during rxq and txq cleanup, even before napi is enabled and hrtimer is initialized. It causes kernel panic. ? page_fault_oops+0x136/0x2b0 ? page_counter_cancel+0x2e/0x80 ? do_user_addr_fault+0x2f2/0x640 ? refill_obj_stock+0xc4/0x110 ? exc_page_fault+0x71/0x160 ? asm_exc_page_fault+0x27/0x30 ? __mmdrop+0x10/0x180 ? __mmdrop+0xec/0x180 ? hrtimer_active+0xd/0x50 hrtimer_try_to_cancel+0x2c/0xf0 hrtimer_cancel+0x15/0x30 napi_disable+0x65/0x90 mana_destroy_rxq+0x4c/0x2f0 mana_create_rxq.isra.0+0x56c/0x6d0 ? mana_uncfg_vport+0x50/0x50 mana_alloc_queues+0x21b/0x320 ? skb_dequeue+0x5f/0x80

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://git.kernel.org/stable/c/4982a47154f0b50de81ee0a0b169a3fc74120a65 Patch
https://git.kernel.org/stable/c/9178eb8ebcd887ab75e54ac40d538e54bb9c7788 Patch
https://git.kernel.org/stable/c/9e0bff4900b5d412a9bafe4baeaa6facd34f671c Patch
https://git.kernel.org/stable/c/b6ecc662037694488bfff7c9fd21c405df8411f2 Patch
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc6:*:*:*:*:*:*
History

26 Sep 2024, 13:21

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.5
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc6:*:*:*:*:*:*
First Time Linux linux Kernel
Linux
CWE CWE-908
References () https://git.kernel.org/stable/c/4982a47154f0b50de81ee0a0b169a3fc74120a65 - () https://git.kernel.org/stable/c/4982a47154f0b50de81ee0a0b169a3fc74120a65 - Patch
References () https://git.kernel.org/stable/c/9178eb8ebcd887ab75e54ac40d538e54bb9c7788 - () https://git.kernel.org/stable/c/9178eb8ebcd887ab75e54ac40d538e54bb9c7788 - Patch
References () https://git.kernel.org/stable/c/9e0bff4900b5d412a9bafe4baeaa6facd34f671c - () https://git.kernel.org/stable/c/9e0bff4900b5d412a9bafe4baeaa6facd34f671c - Patch
References () https://git.kernel.org/stable/c/b6ecc662037694488bfff7c9fd21c405df8411f2 - () https://git.kernel.org/stable/c/b6ecc662037694488bfff7c9fd21c405df8411f2 - Patch

20 Sep 2024, 12:30

Type Values Removed Values Added
Summary
  • (es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: mana: Se corrige el manejo de errores en la limpieza de NAPI de mana_create_txq/rxq Actualmente, napi_disable() se llama durante la limpieza de rxq y txq, incluso antes de que napi esté habilitado y hrtimer se inicialice. Provoca pánico del kernel. ? page_fault_oops+0x136/0x2b0 ? page_counter_cancel+0x2e/0x80 ? do_user_addr_fault+0x2f2/0x640 ? refill_obj_stock+0xc4/0x110 ? exc_page_fault+0x71/0x160 ? asm_exc_page_fault+0x27/0x30 ? __mmdrop+0x10/0x180 ? __mmdrop+0xec/0x180 ? hrtimer_active+0xd/0x50 hrtimer_try_to_cancel+0x2c/0xf0 hrtimer_cancel+0x15/0x30 napi_disable+0x65/0x90 mana_destroy_rxq+0x4c/0x2f0 mana_create_rxq.isra.0+0x56c/0x6d0 ? mana_uncfg_vport+0x50/0x50 mana_alloc_queues+0x21b/0x320 ? skb_dequeue+0x5f/0x80

18 Sep 2024, 08:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-09-18 08:15

Updated : 2024-09-26 13:21

NVD link : CVE-2024-46784

Mitre link : CVE-2024-46784

CVE.ORG link : CVE-2024-46784

JSON object : View

Products Affected

linux

  • linux_kernel
CWE
CWE-908

Use of Uninitialized Resource


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024