CVERadar

CVE-2024-46705

High Severity
Linux
SVRS: 54/100
CVSSv3: 5.5/10
EPSS: 0.00031/1

CVE-2024-46705 is a medium severity vulnerability in the Linux kernel's DRM/xe (Direct Rendering Manager) subsystem. This flaw involves failing to properly reset MMIO (Memory-Mapped I/O) mappings with devm, potentially leading to memory corruption or other undefined behavior after device removal. The fix ensures that MMIO mappings are set to NULL, preventing rogue processes from accessing already unmapped memory regions and causing system instability.

Although CVE-2024-46705 has a CVSS score of 5.5, indicating medium severity, its SOCRadar Vulnerability Risk Score (SVRS) is 54, suggesting a moderate level of real-world exploitability and risk. While not requiring immediate action like critical vulnerabilities (SVRS > 80), patching this CVE is crucial for maintaining system stability and preventing potential future security issues. This bug emphasizes the importance of robust memory management in kernel drivers to avoid unexpected interactions and maintain system integrity. Addressing this vulnerability helps prevent potential system crashes or unexpected behavior.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2024-09-13

2024-09-19
SOCRadar AI Insight

Description:

CVE-2024-46705 is a vulnerability in the Linux kernel that could allow an attacker to cause a denial of service (DoS) condition. The vulnerability exists in the way the kernel handles memory mappings for certain devices. An attacker could exploit this vulnerability by sending a specially crafted sequence of commands to a vulnerable system. This could cause the system to crash or become unresponsive.

Key Insights:

  • The CVSS score for this vulnerability is 0, which indicates that it is a low-severity vulnerability. However, the SOCRadar Vulnerability Risk Score (SVRS) is 34, which indicates that it is a moderate-severity vulnerability. This is because the SVRS takes into account additional factors, such as the availability of exploits and the potential impact of the vulnerability.
  • There are no known active exploits for this vulnerability. However, it is possible that exploits could be developed in the future.
  • The Cybersecurity and Infrastructure Security Agency (CISA) has not issued a warning about this vulnerability. However, CISA recommends that users patch their systems as soon as possible.

Mitigation Strategies:

  • Update to the latest version of the Linux kernel.
  • Disable the affected device.
  • Restrict access to the affected device.


Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

CVE-2024-46705 | Linux Kernel up to 6.10.6 DRM null pointer dereference (b1c9fbed3884/c7117419784f / Nessus ID 212724)
vuldb.com, 2024-12-13
A vulnerability was found in Linux Kernel up to 6.10.6. It has been classified as critical. This affects an unknown part of the component DRM. The manipulation leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2024-46705. Access to the local network is required
USN-7154-1: Linux kernel vulnerabilities
2024-12-12
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - User-Mode Linux (UML); - x86 architecture; - Block layer subsystem; - Android drivers; - ATM drivers; - Drivers core; - Ublk userspace block driver; - Bluetooth drivers; - Character device driver; - Hardware crypto device drivers; - Buffer Sharing and Synchronization framework; - DMA engine subsystem; - Qualcomm firmware drivers; - GPIO subsystem; - GPU drivers; - HID subsystem; - Hardware monitoring drivers; - I2C subsystem; - I3C subsystem; - IIO subsystem; - InfiniBand drivers
ubuntu.com

Social Media

CVE-2024-46705 In the Linux kernel, the following vulnerability has been resolved: drm/xe: reset mmio mappings with devm Set our various mmio mappings to NULL. This should make it… https://t.co/BAyHeKUYXs

Affected Software

Configuration 1
Type | Vendor | Product
OS | Linux | linux_kernel

References

Reference | Link
416BAAA9-DC9F-4396-8D5F-8C081FB06D67 | https://git.kernel.org/stable/c/b1c9fbed3884d3883021d699c7cdf5253a65543a
416BAAA9-DC9F-4396-8D5F-8C081FB06D67 | https://git.kernel.org/stable/c/c7117419784f612d59ee565145f722e8b5541fe6

CWE Details

CWE ID | CWE Name | Description
CWE-476 | NULL Pointer Dereference | A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.
