7.8
CWE
416
Advisory Published
Updated

CVE-2024-46800: sch/netem: fix use after free in netem_dequeue

First published: Wed Sep 18 2024(Updated: )

In the Linux kernel, the following vulnerability has been resolved: sch/netem: fix use after free in netem_dequeue If netem_dequeue() enqueues packet to inner qdisc and that qdisc returns __NET_XMIT_STOLEN. The packet is dropped but qdisc_tree_reduce_backlog() is not called to update the parent's q.qlen, leading to the similar use-after-free as Commit e04991a48dbaf382 ("netem: fix return value if duplicate enqueue fails") Commands to trigger KASAN UaF: ip link add type dummy ip link set lo up ip link set dummy0 up tc qdisc add dev lo parent root handle 1: drr tc filter add dev lo parent 1: basic classid 1:1 tc class add dev lo classid 1:1 drr tc qdisc add dev lo parent 1:1 handle 2: netem tc qdisc add dev lo parent 2: handle 3: drr tc filter add dev lo parent 3: basic classid 3:1 action mirred egress redirect dev dummy0 tc class add dev lo classid 3:1 drr ping -c1 -W0.01 localhost # Trigger bug tc class del dev lo classid 1:1 tc class add dev lo classid 1:1 drr ping -c1 -W0.01 localhost # UaF

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected SoftwareAffected VersionHow to fix
Linux Kernel>=3.3<4.19.322
Linux Kernel>=4.20<5.4.284
Linux Kernel>=5.5<5.10.226
Linux Kernel>=5.11<5.15.167
Linux Kernel>=5.16<6.1.110
Linux Kernel>=6.2<6.6.51
Linux Kernel>=6.7<6.10.10
Linux Kernel=6.11-rc1
Linux Kernel=6.11-rc2
Linux Kernel=6.11-rc3
Linux Kernel=6.11-rc4
Linux Kernel=6.11-rc5
Linux Kernel=6.11-rc6
debian/linux<=5.10.223-1
5.10.234-1
6.1.129-1
6.1.128-1
6.12.20-1
6.12.21-1
debian/linux-6.1
6.1.129-1~deb11u1

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

Frequently Asked Questions

  • What is the severity of CVE-2024-46800?

    CVE-2024-46800 has been assigned a severity rating which indicates a significant risk associated with a use after free vulnerability in the Linux kernel.

  • How do I fix CVE-2024-46800?

    To remediate CVE-2024-46800, it is necessary to upgrade the Linux kernel to a patched version that includes the fix for this vulnerability.

  • Which versions of the Linux kernel are affected by CVE-2024-46800?

    CVE-2024-46800 affects various versions of the Linux kernel prior to the fixed versions listed by the relevant vendor.

  • Is CVE-2024-46800 exploitable remotely?

    CVE-2024-46800 could potentially be exploitable remotely depending on the specific configurations and use cases of the affected kernel.

  • What components are impacted by CVE-2024-46800?

    CVE-2024-46800 specifically affects the sch/netem component of the Linux kernel related to packet scheduling.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203