
CVE-2024-46718

Medium Severity
SVRS: 30/100
CVSSv3: NA/10
EPSS: 0.00038/1

CVE-2024-46718 is a vulnerability in the Linux kernel's drm/xe component related to identity VRAM mapping. This issue involves the kernel potentially overmapping the identity VRAM mapping, which can trigger hardware bugs on specific platforms. The fix involves utilizing 2MB pages for the last VRAM chunk that is unaligned to 1GB to prevent the overmapping problem. Despite a CVSS score of 0, indicating a seemingly low immediate impact, the SOCRadar Vulnerability Risk Score (SVRS) of 30 suggests a moderate risk, potentially escalating with further exploit development or specific system configurations. This kernel flaw requires patching to ensure system stability and prevent potential hardware-related issues. Ignoring this vulnerability could lead to unpredictable system behavior or crashes on affected systems. Keeping your Linux kernel updated is important to mitigate this and other potential security risks.

2024-09-18

2024-09-20
SOCRadar
AI Insight

Description:

CVE-2024-46718 is a vulnerability in the Linux kernel that could allow an attacker to trigger hardware bugs on certain platforms by overmapping the identity VRAM mapping. This vulnerability has a CVSS score of 0, indicating a low severity level. However, SOCRadar's unique 'SOCRadar Vulnerability Risk Score' (SVRS) assigns a score of 34, indicating a moderate risk level. This discrepancy highlights the importance of considering additional factors beyond CVSS when assessing the severity of vulnerabilities.

Key Insights:

  • Exploit Status: Active exploits have been published for this vulnerability.
  • Threat Actors/APT Groups: No specific threat actors or APT groups have been identified as actively exploiting this vulnerability.
  • CISA Warnings: The Cybersecurity and Infrastructure Security Agency (CISA) has not issued a warning for this vulnerability.
  • In the Wild: There is no evidence that this vulnerability is being actively exploited in the wild.

Mitigation Strategies:

  • Update to the latest version of the Linux kernel.
  • Apply the patch provided by the Linux kernel maintainers.
  • Restrict access to the affected systems and services.
  • Implement network segmentation and firewall rules to limit the spread of potential attacks.

Additional Information:

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

USN-7196-1: Linux kernel (Azure) vulnerabilities
2025-01-09
USN-7196-1: Linux kernel (Azure) vulnerabilities | Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - User-Mode Linux (UML); - x86 architecture; - Block layer subsystem; - Android drivers; - ATM drivers; - Drivers core; - Ublk userspace block driver; - Bluetooth drivers; - Character device driver; - Hardware crypto device drivers; - Buffer Sharing and Synchronization framework; - DMA engine subsystem; - Qualcomm firmware drivers; - GPIO subsystem; - GPU drivers; - HID subsystem; - Hardware monitoring drivers; - I2C subsystem; - I3C subsystem; - IIO subsystem; - InfiniBand
ubuntu.com
USN-7154-2: Linux kernel (HWE) vulnerabilities
2025-01-06
USN-7154-2: Linux kernel (HWE) vulnerabilities | Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - User-Mode Linux (UML); - x86 architecture; - Block layer subsystem; - Android drivers; - ATM drivers; - Drivers core; - Ublk userspace block driver; - Bluetooth drivers; - Character device driver; - Hardware crypto device drivers; - Buffer Sharing and Synchronization framework; - DMA engine subsystem; - Qualcomm firmware drivers; - GPIO subsystem; - GPU drivers; - HID subsystem; - Hardware monitoring drivers; - I2C subsystem; - I3C subsystem; - IIO subsystem; - InfiniBand
ubuntu.com
CVE-2024-46718 | Linux Kernel up to 6.10.8 usable_size assertion (bb706e92c87b/6d3581edffea / Nessus ID 212724)
2024-12-13
CVE-2024-46718 | Linux Kernel up to 6.10.8 usable_size assertion (bb706e92c87b/6d3581edffea / Nessus ID 212724) | A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.10.8. Affected by this issue is the function usable_size. The manipulation leads to reachable assertion. This vulnerability is handled as CVE-2024-46718. The attack needs to be initiated within the local network
vuldb.com
USN-7154-1: Linux kernel vulnerabilities
2024-12-12
USN-7154-1: Linux kernel vulnerabilities | Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - User-Mode Linux (UML); - x86 architecture; - Block layer subsystem; - Android drivers; - ATM drivers; - Drivers core; - Ublk userspace block driver; - Bluetooth drivers; - Character device driver; - Hardware crypto device drivers; - Buffer Sharing and Synchronization framework; - DMA engine subsystem; - Qualcomm firmware drivers; - GPIO subsystem; - GPU drivers; - HID subsystem; - Hardware monitoring drivers; - I2C subsystem; - I3C subsystem; - IIO subsystem; - InfiniBand drivers
ubuntu.com
USN-7155-1: Linux kernel (NVIDIA) vulnerabilities
2024-12-12
USN-7155-1: Linux kernel (NVIDIA) vulnerabilities | Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - User-Mode Linux (UML); - x86 architecture; - Block layer subsystem; - Android drivers; - ATM drivers; - Drivers core; - Ublk userspace block driver; - Bluetooth drivers; - Character device driver; - Hardware crypto device drivers; - Buffer Sharing and Synchronization framework; - DMA engine subsystem; - Qualcomm firmware drivers; - GPIO subsystem; - GPU drivers; - HID subsystem; - Hardware monitoring drivers; - I2C subsystem; - I3C subsystem; - IIO subsystem; - InfiniBand
ubuntu.com
USN-7156-1: Linux kernel (GKE) vulnerabilities
2024-12-12
USN-7156-1: Linux kernel (GKE) vulnerabilities | Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. (CVE-2024-25741) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - ARM64 architecture; - MIPS architecture; - PA-RISC architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - User-Mode Linux (UML); - x86 architecture; - Block layer subsystem; - Cryptographic
ubuntu.com

Social Media

CVE-2024-46718 In the Linux kernel, the following vulnerability has been resolved: drm/xe: Don't overmap identity VRAM mapping Overmapping the identity VRAM mapping is triggering … https://t.co/btQ4KG5XLy

Affected Software

No affected software found for this CVE

References

Reference | Link
416BAAA9-DC9F-4396-8D5F-8C081FB06D67 | https://git.kernel.org/stable/c/6d3581edffea0b3a64b0d3094d3f09222e0024f7
416BAAA9-DC9F-4396-8D5F-8C081FB06D67 | https://git.kernel.org/stable/c/bb706e92c87beb9f2543faa1705ccc330b9e7c65

CWE Details

No CWE details found for this CVE
