CVE-2024-46679

Severity: Medium (CVSS 3.1 base score 4.7)
EPSS: 15.4%
Published: Sep 13, 2024
Last Modified: Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

ethtool: check device is present when getting link settings

A sysfs reader can race with a device reset or removal, attempting to read device state when the device is not actually present, e.g.:

    [exception RIP: qed_get_current_link+17]
    #8  [ffffb9e4f2907c48] qede_get_link_ksettings at ffffffffc07a994a [qede]
    #9  [ffffb9e4f2907cd8] __rh_call_get_link_ksettings at ffffffff992b01a3
    #10 [ffffb9e4f2907d38] __ethtool_get_link_ksettings at ffffffff992b04e4
    #11 [ffffb9e4f2907d90] duplex_show at ffffffff99260300
    #12 [ffffb9e4f2907e38] dev_attr_show at ffffffff9905a01c
    #13 [ffffb9e4f2907e50] sysfs_kf_seq_show at ffffffff98e0145b
    #14 [ffffb9e4f2907e68] seq_read at ffffffff98d902e3
    #15 [ffffb9e4f2907ec8] vfs_read at ffffffff98d657d1
    #16 [ffffb9e4f2907f00] ksys_read at ffffffff98d65c3f
    #17 [ffffb9e4f2907f38] do_syscall_64 at ffffffff98a052fb

    crash> struct net_device.state ffff9a9d21336000
      state = 5,

State 5 is __LINK_STATE_START (0b1) and __LINK_STATE_NOCARRIER (0b100). The device is not present; note the lack of __LINK_STATE_PRESENT (0b10).

This is the same sort of panic as observed in commit 4224cfd7fb65 ("net-sysfs: add check for netdevice being present to speed_show").

There are many other callers of __ethtool_get_link_ksettings() which don't have a device presence check. Move this check into ethtool to protect all callers.

CVSS Details

Base Score: 4.7
Exploitability: 1.0
Impact: 3.6
Vector string: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Threat Intelligence

EPSS Exploit Probability: 15.4% percentile
Exploit & Patch Status: No Known Exploit; Patch Available

Affected Products (11)

Vendor   Product        Version   Range
linux    linux_kernel   *         ≥ 2.6.33  –  < 5.4.283
linux    linux_kernel   *         ≥ 5.5     –  < 5.10.225
linux    linux_kernel   *         ≥ 5.11    –  < 5.15.166
linux    linux_kernel   *         ≥ 5.16    –  < 6.1.108
linux    linux_kernel   *         ≥ 6.2     –  < 6.6.49
linux    linux_kernel   *         ≥ 6.7     –  < 6.10.8
linux    linux_kernel   6.11      any
linux    linux_kernel   6.11      any
linux    linux_kernel   6.11      any
linux    linux_kernel   6.11      any
linux    linux_kernel   6.11      any
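A triage helper, added here and not part of the advisory or the kernel project, that checks a `uname -r` style version string against the six bounded upstream ranges from the Affected Products table (the five "6.11 any" pre-release rows are not modelled). Version matching is only a first pass: distributions backport the ethtool device-presence check without changing the upstream version number, so confirm against the distro changelog or the listed patch commits before concluding a host is vulnerable.

```python
"""Triage helper for CVE-2024-46679: does a kernel release string fall inside one
of the affected upstream ranges listed on this page?  The range table below is
copied from the Affected Products section (constructed from the page, not from
any CVE feed); the "6.11 any" pre-release rows are deliberately not modelled."""
import re

# (inclusive lower bound, exclusive upper bound) pairs, as printed on the page.
AFFECTED_RANGES = [
    ((2, 6, 33), (5, 4, 283)),
    ((5, 5), (5, 10, 225)),
    ((5, 11), (5, 15, 166)),
    ((5, 16), (6, 1, 108)),
    ((6, 2), (6, 6, 49)),
    ((6, 7), (6, 10, 8)),
]


def parse_kernel_version(release: str) -> tuple:
    """Turn a `uname -r` string such as '6.6.48-0-generic' into (major, minor, patch).
    A missing patch level is treated as 0 so that '5.5' compares as (5, 5, 0)."""
    m = re.match(r"^(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release string: {release!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def _pad(v: tuple) -> tuple:
    # Table bounds like (5, 5) are padded to three components for comparison.
    return tuple(v) + (0,) * (3 - len(v))


def affected_range(release: str):
    """Return the (low, high) table entry that contains `release`, or None when the
    version lies outside every listed range (fixed upstream, or older than the
    vulnerable code).  Distro backports are NOT accounted for here."""
    v = parse_kernel_version(release)
    for low, high in AFFECTED_RANGES:
        if _pad(low) <= v < _pad(high):
            return (low, high)
    return None


if __name__ == "__main__":
    import platform
    rel = platform.release()  # equivalent to `uname -r` on Linux
    try:
        hit = affected_range(rel)
    except ValueError as exc:
        raise SystemExit(exc)
    print(rel, "->", f"inside affected range {hit}" if hit else "outside every listed range")
```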

References (12)

  • https://cert-portal.siemens.com/productcert/html/ssa-265688.html
  • https://cert-portal.siemens.com/productcert/html/ssa-355557.html
  • https://cert-portal.siemens.com/productcert/html/ssa-613116.html
  • https://git.kernel.org/stable/c/1d6d9b5b1b95bfeccb84386a51b7e6c510ec13b2 (Patch)
  • https://git.kernel.org/stable/c/7a8d98b6d6484d3ad358510366022da080c37cbc (Patch)
  • https://git.kernel.org/stable/c/842a40c7273ba1c1cb30dda50405b328de1d860e (Patch)
  • https://git.kernel.org/stable/c/94ab317024ba373d37340893d1c0358638935fbb (Patch)
  • https://git.kernel.org/stable/c/9bba5955eed160102114d4cc00c3d399be9bdae4 (Patch)
  • https://git.kernel.org/stable/c/a699781c79ecf6cfe67fb00a0331b4088c7c8466 (Patch)
  • https://git.kernel.org/stable/c/ec7b4f7f644018ac293cb1b02528a40a32917e62 (Patch)
  • https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html
  • https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Remediation

  • https://git.kernel.org/stable/c/1d6d9b5b1b95bfeccb84386a51b7e6c510ec13b2 (Patch)
  • https://git.kernel.org/stable/c/7a8d98b6d6484d3ad358510366022da080c37cbc (Patch)
  • https://git.kernel.org/stable/c/842a40c7273ba1c1cb30dda50405b328de1d860e (Patch)
  • https://git.kernel.org/stable/c/94ab317024ba373d37340893d1c0358638935fbb (Patch)
  • https://git.kernel.org/stable/c/9bba5955eed160102114d4cc00c3d399be9bdae4 (Patch)
  • https://git.kernel.org/stable/c/a699781c79ecf6cfe67fb00a0331b4088c7c8466 (Patch)
  • https://git.kernel.org/stable/c/ec7b4f7f644018ac293cb1b02528a40a32917e62 (Patch)