CVE-2024-46681

Summary

In the Linux kernel, the following vulnerability has been resolved:

pktgen: use cpus_read_lock() in pg_net_init()

I have seen the WARN_ON(smp_processor_id() != cpu) firing in pktgen_thread_worker() during tests.

We must use cpus_read_lock()/cpus_read_unlock() around the for_each_online_cpu(cpu) loop.

While we are at it use WARN_ON_ONCE() to avoid a possible syslog flood.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 5f5f7366dda8ae870e8305d6e7b3c0c2686cd2cfaffected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 979b581e4c69257acab1af415ddad6b2d78a2fa5affected
LinuxLinux2.6.12affected
LinuxLinux0 < 2.6.12unaffected
LinuxLinux6.10.8 <= 6.10.*unaffected
LinuxLinux6.11 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References