CVE-2024-46713

HIGH EPSS 21.6%
Published Sep 13, 2024 (1y ago) · Modified Jun 17, 2026 (2w ago)
7.8 CVSS 3.1
High

Description

In the Linux kernel, the following vulnerability has been resolved:

perf/aux: Fix AUX buffer serialization

Ole reported that event->mmap_mutex is strictly insufficient to serialize the AUX buffer, add a per RB mutex to fully serialize it.

Note that in the lock order comment the perf_event::mmap_mutex order was already wrong, that is, it nesting under mmap_lock is not new with this patch.

CVSS Details

Base Score 7.8
Exploitability 1.8
Impact 5.9
Vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
21.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-787 Out-of-bounds Write Memory Safety

Affected Products 11

Vendor  Product       Version  Range
linux   linux_kernel  *        ≥4.1 – <5.10.226
linux   linux_kernel  *        ≥5.11 – <5.15.167
linux   linux_kernel  *        ≥5.16 – <6.1.110
linux   linux_kernel  *        ≥6.2 – <6.6.51
linux   linux_kernel  *        ≥6.7 – <6.10.10
linux   linux_kernel  6.11     any
linux   linux_kernel  6.11     any
linux   linux_kernel  6.11     any
linux   linux_kernel  6.11     any
linux   linux_kernel  6.11     any
linux   linux_kernel  6.11     any

References 8

  • git.kernel.org https://git.kernel.org/stable/c/2ab9d830262c132ab5db2f571003d80850d56b2a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/52d13d224fdf1299c8b642807fa1ea14d693f5ff
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7882923f1cb88dc1a17f2bf0c81b1fc80d44db82
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9dc7ad2b67772cfb94ceb3b0c9c4023c2463215d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b9b6882e243b653d379abbeaa64a500182aba370
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c4b69bee3f4ef76809288fe6827bc14d4ae788ef
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/2ab9d830262c132ab5db2f571003d80850d56b2a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/52d13d224fdf1299c8b642807fa1ea14d693f5ff
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7882923f1cb88dc1a17f2bf0c81b1fc80d44db82
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9dc7ad2b67772cfb94ceb3b0c9c4023c2463215d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b9b6882e243b653d379abbeaa64a500182aba370
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c4b69bee3f4ef76809288fe6827bc14d4ae788ef
    Patch