CVE-2024-46784

MEDIUM EPSS 10.8%
Published Sep 18, 20241y ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Sep 18, 2024 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup Currently napi_disable() gets called during rxq and txq cleanup, even before napi is enabled and hrtimer is initialized. It causes kernel panic. ? page_fault_oops+0x136/0x2b0 ? page_counter_cancel+0x2e/0x80 ? do_user_addr_fault+0x2f2/0x640 ? refill_obj_stock+0xc4/0x110 ? exc_page_fault+0x71/0x160 ? asm_exc_page_fault+0x27/0x30 ? __mmdrop+0x10/0x180 ? __mmdrop+0xec/0x180 ? hrtimer_active+0xd/0x50 hrtimer_try_to_cancel+0x2c/0xf0 hrtimer_cancel+0x15/0x30 napi_disable+0x65/0x90 mana_destroy_rxq+0x4c/0x2f0 mana_create_rxq.isra.0+0x56c/0x6d0 ? mana_uncfg_vport+0x50/0x50 mana_alloc_queues+0x21b/0x320 ? skb_dequeue+0x5f/0x80

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
10.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-908

Affected Products 9

VendorProductVersionRange
linuxlinux_kernel*≥5.15  –  <6.1.110
linuxlinux_kernel*≥6.2  –  <6.6.51
linuxlinux_kernel*≥6.7  –  <6.10.10
linuxlinux_kernel6.11any
linuxlinux_kernel6.11any
linuxlinux_kernel6.11any
linuxlinux_kernel6.11any
linuxlinux_kernel6.11any
linuxlinux_kernel6.11any

References 6

  • git.kernel.org https://git.kernel.org/stable/c/386617efacab10bf5bb40bde403467c57cc00470
  • git.kernel.org https://git.kernel.org/stable/c/4982a47154f0b50de81ee0a0b169a3fc74120a65
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9178eb8ebcd887ab75e54ac40d538e54bb9c7788
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9e0bff4900b5d412a9bafe4baeaa6facd34f671c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b6ecc662037694488bfff7c9fd21c405df8411f2
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/4982a47154f0b50de81ee0a0b169a3fc74120a65
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9178eb8ebcd887ab75e54ac40d538e54bb9c7788
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9e0bff4900b5d412a9bafe4baeaa6facd34f671c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b6ecc662037694488bfff7c9fd21c405df8411f2
    Patch