CVE-2024-46681: pktgen: use cpus_read_lock() in pg_net_init()
First published: Fri Sep 13 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: pktgen: use cpus_read_lock() in pg_net_init() I have seen the WARN_ON(smp_processor_id() != cpu) firing in pktgen_thread_worker() during tests. We must use cpus_read_lock()/cpus_read_unlock() around the for_each_online_cpu(cpu) loop. While we are at it use WARN_ON_ONCE() to avoid a possible syslog flood.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | >=2.6.12<6.10.8 | |
| Linux Kernel | =6.11-rc1 | |
| Linux Kernel | =6.11-rc2 | |
| Linux Kernel | =6.11-rc3 | |
| Linux Kernel | =6.11-rc4 | |
| Linux Kernel | =6.11-rc5 | |
| debian/linux | <=5.10.223-1<=5.10.234-1<=6.1.129-1<=6.1.135-1 | 6.12.22-1 6.12.25-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/5f5f7366dda8ae870e8305d6e7b3c0c2686cd2cf
- https://git.kernel.org/stable/c/979b581e4c69257acab1af415ddad6b2d78a2fa5
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46681
- https://nvd.nist.gov/vuln/detail/CVE-2024-46681
- https://launchpad.net/bugs/cve/CVE-2024-46681
- https://security-tracker.debian.org/tracker/CVE-2024-46681
- https://ubuntu.com/security/CVE-2024-46681
- https://git.kernel.org/linus/979b581e4c69257acab1af415ddad6b2d78a2fa5
Frequently Asked Questions
What is the severity of CVE-2024-46681?
CVE-2024-46681 is classified as a moderate severity vulnerability in the Linux kernel.
How do I fix CVE-2024-46681?
To fix CVE-2024-46681, update the Linux kernel to version 6.12.11-1 or newer.
Which versions of the Linux kernel are affected by CVE-2024-46681?
CVE-2024-46681 affects Linux kernel versions from 2.6.12 up to 6.10.8, including specific release candidates of 6.11.
What causes the issue in CVE-2024-46681?
The issue in CVE-2024-46681 is caused by improper locking in the pktgen module, leading to potential inconsistencies.
Is my Linux kernel vulnerable based on my version?
If your Linux kernel version is between 2.6.12 and 6.10.8 or one of the 6.11 release candidates, it is vulnerable to CVE-2024-46681.
- agent/title
- agent/type
- agent/first-publish-date
- agent/remedy
- agent/severity
- agent/references
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/trending
- collector/usn-cve
- source/Ubuntu
- agent/description
- agent/event
- agent/source
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-api
- agent/softwarecombine
- agent/tags
- collector/security-tracker-debian
- source/Debian
- vendor/linux
- canonical/linux kernel
- version/linux kernel/2.6.12
- version/linux kernel/6.11-rc1
- version/linux kernel/6.11-rc2
- version/linux kernel/6.11-rc3
- version/linux kernel/6.11-rc4
- version/linux kernel/6.11-rc5
- package-manager/debian