medium
5.5
CWE
129
Advisory Published
Updated

CVE-2024-46847: mm: vmalloc: ensure vmap_block is initialised before adding to queue

First published: Fri Sep 27 2024(Updated: )

In the Linux kernel, the following vulnerability has been resolved: mm: vmalloc: ensure vmap_block is initialised before adding to queue Commit 8c61291fd850 ("mm: fix incorrect vbq reference in purge_fragmented_block") extended the 'vmap_block' structure to contain a 'cpu' field which is set at allocation time to the id of the initialising CPU. When a new 'vmap_block' is being instantiated by new_vmap_block(), the partially initialised structure is added to the local 'vmap_block_queue' xarray before the 'cpu' field has been initialised. If another CPU is concurrently walking the xarray (e.g. via vm_unmap_aliases()), then it may perform an out-of-bounds access to the remote queue thanks to an uninitialised index. This has been observed as UBSAN errors in Android: | Internal error: UBSAN: array index out of bounds: 00000000f2005512 [#1] PREEMPT SMP | | Call trace: | purge_fragmented_block+0x204/0x21c | _vm_unmap_aliases+0x170/0x378 | vm_unmap_aliases+0x1c/0x28 | change_memory_common+0x1dc/0x26c | set_memory_ro+0x18/0x24 | module_enable_ro+0x98/0x238 | do_init_module+0x1b0/0x310 Move the initialisation of 'vb->cpu' in new_vmap_block() ahead of the addition to the xarray.

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected SoftwareAffected VersionHow to fix
Linux Kernel>=6.6.37<6.6.51
Linux Kernel>=6.9.8<6.10
Linux Kernel>=6.10<6.10.10
Linux Kernel=6.11-rc1
Linux Kernel=6.11-rc2
Linux Kernel=6.11-rc3
Linux Kernel=6.11-rc4
Linux Kernel=6.11-rc5
Linux Kernel=6.11-rc6
debian/linux
5.10.223-1
5.10.234-1
6.1.129-1
6.1.135-1
6.12.22-1
6.12.25-1

Remedy

https://git.kernel.org/stable/c/1b2770e27d6d952f491bb362b657e5b2713c3efd

Remedy

https://git.kernel.org/stable/c/3e3de7947c751509027d26b679ecd243bc9db255

Remedy

https://git.kernel.org/stable/c/6cf74e0e5e3ab5d5c9defb4c73dad54d52224671

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2024-46847?

    The severity of CVE-2024-46847 is classified as medium risk.

  • How do I fix CVE-2024-46847?

    To fix CVE-2024-46847, update the Linux kernel to a version that is not affected by this vulnerability.

  • Which versions of Linux kernel are affected by CVE-2024-46847?

    CVE-2024-46847 affects Linux kernel versions between 6.6.37 and 6.6.51, 6.9.8 and 6.10, and multiple release candidates of 6.11.

  • Is there a patch available for CVE-2024-46847?

    Yes, a patch for CVE-2024-46847 is available in the updated versions of the Linux kernel.

  • What is the cause of CVE-2024-46847?

    CVE-2024-46847 is caused by improper initialization of the 'vmap_block' structure in the Linux kernel.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203