{"vulnerability": "CVE-2024-46800", "sightings": [{"uuid": "d825ebd6-00c8-4c43-9fd5-73dacbdf28a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-46800", "type": "published-proof-of-concept", "source": "https://t.me/cvedetector/5939", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-46800 - Linux Kernel - Netem Use After Free Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-46800 \nPublished : Sept. 18, 2024, 8:15 a.m. | 35\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nsch/netem: fix use after free in netem_dequeue  \n  \nIf netem_dequeue() enqueues packet to inner qdisc and that qdisc  \nreturns __NET_XMIT_STOLEN. The packet is dropped but  \nqdisc_tree_reduce_backlog() is not called to update the parent's  \nq.qlen, leading to the similar use-after-free as Commit  \ne04991a48dbaf382 (\"netem: fix return value if duplicate enqueue  \nfails\")  \n  \nCommands to trigger KASAN UaF:  \n  \nip link add type dummy  \nip link set lo up  \nip link set dummy0 up  \ntc qdisc add dev lo parent root handle 1: drr  \ntc filter add dev lo parent 1: basic classid 1:1  \ntc class add dev lo classid 1:1 drr  \ntc qdisc add dev lo parent 1:1 handle 2: netem  \ntc qdisc add dev lo parent 2: handle 3: drr  \ntc filter add dev lo parent 3: basic classid 3:1 action mirred egress  \nredirect dev dummy0  \ntc class add dev lo classid 3:1 drr  \nping -c1 -W0.01 localhost # Trigger bug  \ntc class del dev lo classid 1:1  \ntc class add dev lo classid 1:1 drr  \nping -c1 -W0.01 localhost # UaF \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-18T10:52:40.000000Z"}, {"uuid": "e99fddef-5ef6-464f-bccb-8398a1443ee4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-46800", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"}]}