CVE-2024-46782 (GCVE-0-2024-46782)

Vulnerability from cvelistv5 – Published: 2024-09-18 07:12 – Updated: 2026-05-11 20:36
VLAI
Title
ila: call nf_unregister_net_hooks() sooner
Summary
In the Linux kernel, the following vulnerability has been resolved: ila: call nf_unregister_net_hooks() sooner syzbot found an use-after-free Read in ila_nf_input [1] Issue here is that ila_xlat_exit_net() frees the rhashtable, then call nf_unregister_net_hooks(). It should be done in the reverse way, with a synchronize_rcu(). This is a good match for a pre_exit() method. [1] BUG: KASAN: use-after-free in rht_key_hashfn include/linux/rhashtable.h:159 [inline] BUG: KASAN: use-after-free in __rhashtable_lookup include/linux/rhashtable.h:604 [inline] BUG: KASAN: use-after-free in rhashtable_lookup include/linux/rhashtable.h:646 [inline] BUG: KASAN: use-after-free in rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672 Read of size 4 at addr ffff888064620008 by task ksoftirqd/0/16 CPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.11.0-rc4-syzkaller-00238-g2ad6d23f465a #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 Call Trace: <TASK> __dump_stack lib/dump_stack.c:93 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119 print_address_description mm/kasan/report.c:377 [inline] print_report+0x169/0x550 mm/kasan/report.c:488 kasan_report+0x143/0x180 mm/kasan/report.c:601 rht_key_hashfn include/linux/rhashtable.h:159 [inline] __rhashtable_lookup include/linux/rhashtable.h:604 [inline] rhashtable_lookup include/linux/rhashtable.h:646 [inline] rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672 ila_lookup_wildcards net/ipv6/ila/ila_xlat.c:132 [inline] ila_xlat_addr net/ipv6/ila/ila_xlat.c:652 [inline] ila_nf_input+0x1fe/0x3c0 net/ipv6/ila/ila_xlat.c:190 nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline] nf_hook_slow+0xc3/0x220 net/netfilter/core.c:626 nf_hook include/linux/netfilter.h:269 [inline] NF_HOOK+0x29e/0x450 include/linux/netfilter.h:312 __netif_receive_skb_one_core net/core/dev.c:5661 [inline] __netif_receive_skb+0x1ea/0x650 net/core/dev.c:5775 process_backlog+0x662/0x15b0 net/core/dev.c:6108 __napi_poll+0xcb/0x490 net/core/dev.c:6772 napi_poll net/core/dev.c:6841 [inline] net_rx_action+0x89b/0x1240 net/core/dev.c:6963 handle_softirqs+0x2c4/0x970 kernel/softirq.c:554 run_ksoftirqd+0xca/0x130 kernel/softirq.c:928 smpboot_thread_fn+0x544/0xa30 kernel/smpboot.c:164 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 </TASK> The buggy address belongs to the physical page: page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x64620 flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) page_type: 0xbfffffff(buddy) raw: 00fff00000000000 ffffea0000959608 ffffea00019d9408 0000000000000000 raw: 0000000000000000 0000000000000003 00000000bfffffff 0000000000000000 page dumped because: kasan: bad access detected page_owner tracks the page as freed page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52dc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_ZERO), pid 5242, tgid 5242 (syz-executor), ts 73611328570, free_ts 618981657187 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1493 prep_new_page mm/page_alloc.c:1501 [inline] get_page_from_freelist+0x2e4c/0x2f10 mm/page_alloc.c:3439 __alloc_pages_noprof+0x256/0x6c0 mm/page_alloc.c:4695 __alloc_pages_node_noprof include/linux/gfp.h:269 [inline] alloc_pages_node_noprof include/linux/gfp.h:296 [inline] ___kmalloc_large_node+0x8b/0x1d0 mm/slub.c:4103 __kmalloc_large_node_noprof+0x1a/0x80 mm/slub.c:4130 __do_kmalloc_node mm/slub.c:4146 [inline] __kmalloc_node_noprof+0x2d2/0x440 mm/slub.c:4164 __kvmalloc_node_noprof+0x72/0x190 mm/util.c:650 bucket_table_alloc lib/rhashtable.c:186 [inline] rhashtable_init_noprof+0x534/0xa60 lib/rhashtable.c:1071 ila_xlat_init_net+0xa0/0x110 net/ipv6/ila/ila_xlat.c:613 ops_ini ---truncated---
Severity
No CVSS data available.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: 7f00feaf107645d95a6d87e99b4d141ac0a08efd , < 43d34110882b97ba1ec66cc8234b18983efb9abf (git)
Affected: 7f00feaf107645d95a6d87e99b4d141ac0a08efd , < dcaf4e2216824839d26727a15b638c6a677bd9fc (git)
Affected: 7f00feaf107645d95a6d87e99b4d141ac0a08efd , < 93ee345ba349922834e6a9d1dadabaedcc12dce6 (git)
Affected: 7f00feaf107645d95a6d87e99b4d141ac0a08efd , < bda4d84ac0d5421b346faee720011f58bdb99673 (git)
Affected: 7f00feaf107645d95a6d87e99b4d141ac0a08efd , < 925c18a7cff93d8a4320d652351294ff7d0ac93c (git)
Affected: 7f00feaf107645d95a6d87e99b4d141ac0a08efd , < 18a5a16940464b301ea91bf5da3a324aedb347b2 (git)
Affected: 7f00feaf107645d95a6d87e99b4d141ac0a08efd , < 47abd8adddbc0aecb8f231269ef659148d5dabe4 (git)
Affected: 7f00feaf107645d95a6d87e99b4d141ac0a08efd , < 031ae72825cef43e4650140b800ad58bf7a6a466 (git)
Create a notification for this product.
Linux Linux Affected: 4.5
Unaffected: 0 , < 4.5 (semver)
Unaffected: 4.19.322 , ≤ 4.19.* (semver)
Unaffected: 5.4.284 , ≤ 5.4.* (semver)
Unaffected: 5.10.226 , ≤ 5.10.* (semver)
Unaffected: 5.15.167 , ≤ 5.15.* (semver)
Unaffected: 6.1.110 , ≤ 6.1.* (semver)
Unaffected: 6.6.51 , ≤ 6.6.* (semver)
Unaffected: 6.10.10 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-46782",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-29T14:30:14.976916Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-10T13:18:35.725Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:18:26.768Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/ipv6/ila/ila.h",
            "net/ipv6/ila/ila_main.c",
            "net/ipv6/ila/ila_xlat.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "43d34110882b97ba1ec66cc8234b18983efb9abf",
              "status": "affected",
              "version": "7f00feaf107645d95a6d87e99b4d141ac0a08efd",
              "versionType": "git"
            },
            {
              "lessThan": "dcaf4e2216824839d26727a15b638c6a677bd9fc",
              "status": "affected",
              "version": "7f00feaf107645d95a6d87e99b4d141ac0a08efd",
              "versionType": "git"
            },
            {
              "lessThan": "93ee345ba349922834e6a9d1dadabaedcc12dce6",
              "status": "affected",
              "version": "7f00feaf107645d95a6d87e99b4d141ac0a08efd",
              "versionType": "git"
            },
            {
              "lessThan": "bda4d84ac0d5421b346faee720011f58bdb99673",
              "status": "affected",
              "version": "7f00feaf107645d95a6d87e99b4d141ac0a08efd",
              "versionType": "git"
            },
            {
              "lessThan": "925c18a7cff93d8a4320d652351294ff7d0ac93c",
              "status": "affected",
              "version": "7f00feaf107645d95a6d87e99b4d141ac0a08efd",
              "versionType": "git"
            },
            {
              "lessThan": "18a5a16940464b301ea91bf5da3a324aedb347b2",
              "status": "affected",
              "version": "7f00feaf107645d95a6d87e99b4d141ac0a08efd",
              "versionType": "git"
            },
            {
              "lessThan": "47abd8adddbc0aecb8f231269ef659148d5dabe4",
              "status": "affected",
              "version": "7f00feaf107645d95a6d87e99b4d141ac0a08efd",
              "versionType": "git"
            },
            {
              "lessThan": "031ae72825cef43e4650140b800ad58bf7a6a466",
              "status": "affected",
              "version": "7f00feaf107645d95a6d87e99b4d141ac0a08efd",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/ipv6/ila/ila.h",
            "net/ipv6/ila/ila_main.c",
            "net/ipv6/ila/ila_xlat.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.5"
            },
            {
              "lessThan": "4.5",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.322",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.284",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.226",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.167",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.110",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.51",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.322",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.284",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.226",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.167",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.110",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.51",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.10",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nila: call nf_unregister_net_hooks() sooner\n\nsyzbot found an use-after-free Read in ila_nf_input [1]\n\nIssue here is that ila_xlat_exit_net() frees the rhashtable,\nthen call nf_unregister_net_hooks().\n\nIt should be done in the reverse way, with a synchronize_rcu().\n\nThis is a good match for a pre_exit() method.\n\n[1]\n BUG: KASAN: use-after-free in rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n BUG: KASAN: use-after-free in __rhashtable_lookup include/linux/rhashtable.h:604 [inline]\n BUG: KASAN: use-after-free in rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n BUG: KASAN: use-after-free in rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672\nRead of size 4 at addr ffff888064620008 by task ksoftirqd/0/16\n\nCPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.11.0-rc4-syzkaller-00238-g2ad6d23f465a #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nCall Trace:\n \u003cTASK\u003e\n  __dump_stack lib/dump_stack.c:93 [inline]\n  dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n  print_address_description mm/kasan/report.c:377 [inline]\n  print_report+0x169/0x550 mm/kasan/report.c:488\n  kasan_report+0x143/0x180 mm/kasan/report.c:601\n  rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n  __rhashtable_lookup include/linux/rhashtable.h:604 [inline]\n  rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n  rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672\n  ila_lookup_wildcards net/ipv6/ila/ila_xlat.c:132 [inline]\n  ila_xlat_addr net/ipv6/ila/ila_xlat.c:652 [inline]\n  ila_nf_input+0x1fe/0x3c0 net/ipv6/ila/ila_xlat.c:190\n  nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n  nf_hook_slow+0xc3/0x220 net/netfilter/core.c:626\n  nf_hook include/linux/netfilter.h:269 [inline]\n  NF_HOOK+0x29e/0x450 include/linux/netfilter.h:312\n  __netif_receive_skb_one_core net/core/dev.c:5661 [inline]\n  __netif_receive_skb+0x1ea/0x650 net/core/dev.c:5775\n  process_backlog+0x662/0x15b0 net/core/dev.c:6108\n  __napi_poll+0xcb/0x490 net/core/dev.c:6772\n  napi_poll net/core/dev.c:6841 [inline]\n  net_rx_action+0x89b/0x1240 net/core/dev.c:6963\n  handle_softirqs+0x2c4/0x970 kernel/softirq.c:554\n  run_ksoftirqd+0xca/0x130 kernel/softirq.c:928\n  smpboot_thread_fn+0x544/0xa30 kernel/smpboot.c:164\n  kthread+0x2f0/0x390 kernel/kthread.c:389\n  ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n  ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e\n\nThe buggy address belongs to the physical page:\npage: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x64620\nflags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)\npage_type: 0xbfffffff(buddy)\nraw: 00fff00000000000 ffffea0000959608 ffffea00019d9408 0000000000000000\nraw: 0000000000000000 0000000000000003 00000000bfffffff 0000000000000000\npage dumped because: kasan: bad access detected\npage_owner tracks the page as freed\npage last allocated via order 3, migratetype Unmovable, gfp_mask 0x52dc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_ZERO), pid 5242, tgid 5242 (syz-executor), ts 73611328570, free_ts 618981657187\n  set_page_owner include/linux/page_owner.h:32 [inline]\n  post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1493\n  prep_new_page mm/page_alloc.c:1501 [inline]\n  get_page_from_freelist+0x2e4c/0x2f10 mm/page_alloc.c:3439\n  __alloc_pages_noprof+0x256/0x6c0 mm/page_alloc.c:4695\n  __alloc_pages_node_noprof include/linux/gfp.h:269 [inline]\n  alloc_pages_node_noprof include/linux/gfp.h:296 [inline]\n  ___kmalloc_large_node+0x8b/0x1d0 mm/slub.c:4103\n  __kmalloc_large_node_noprof+0x1a/0x80 mm/slub.c:4130\n  __do_kmalloc_node mm/slub.c:4146 [inline]\n  __kmalloc_node_noprof+0x2d2/0x440 mm/slub.c:4164\n  __kvmalloc_node_noprof+0x72/0x190 mm/util.c:650\n  bucket_table_alloc lib/rhashtable.c:186 [inline]\n  rhashtable_init_noprof+0x534/0xa60 lib/rhashtable.c:1071\n  ila_xlat_init_net+0xa0/0x110 net/ipv6/ila/ila_xlat.c:613\n  ops_ini\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T20:36:22.752Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/43d34110882b97ba1ec66cc8234b18983efb9abf"
        },
        {
          "url": "https://git.kernel.org/stable/c/dcaf4e2216824839d26727a15b638c6a677bd9fc"
        },
        {
          "url": "https://git.kernel.org/stable/c/93ee345ba349922834e6a9d1dadabaedcc12dce6"
        },
        {
          "url": "https://git.kernel.org/stable/c/bda4d84ac0d5421b346faee720011f58bdb99673"
        },
        {
          "url": "https://git.kernel.org/stable/c/925c18a7cff93d8a4320d652351294ff7d0ac93c"
        },
        {
          "url": "https://git.kernel.org/stable/c/18a5a16940464b301ea91bf5da3a324aedb347b2"
        },
        {
          "url": "https://git.kernel.org/stable/c/47abd8adddbc0aecb8f231269ef659148d5dabe4"
        },
        {
          "url": "https://git.kernel.org/stable/c/031ae72825cef43e4650140b800ad58bf7a6a466"
        }
      ],
      "title": "ila: call nf_unregister_net_hooks() sooner",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-46782",
    "datePublished": "2024-09-18T07:12:38.652Z",
    "dateReserved": "2024-09-11T15:12:18.276Z",
    "dateUpdated": "2026-05-11T20:36:22.752Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2024-46782",
      "date": "2026-06-14",
      "epss": "0.00022",
      "percentile": "0.06407"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.5\", \"versionEndExcluding\": \"4.19.322\", \"matchCriteriaId\": \"EAB8EA35-2061-4F7A-8F89-A75EBF6032D9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.20\", \"versionEndExcluding\": \"5.4.284\", \"matchCriteriaId\": \"6265A402-9C3C-438F-BFC5-4194B2568B85\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.5\", \"versionEndExcluding\": \"5.10.226\", \"matchCriteriaId\": \"864FC17C-501A-4823-A643-6F35D65D8A97\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.11\", \"versionEndExcluding\": \"5.15.167\", \"matchCriteriaId\": \"043405A4-25FE-45D4-A7BB-2A0C3B7D17C1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.16\", \"versionEndExcluding\": \"6.1.110\", \"matchCriteriaId\": \"6B1A95FC-7E7E-428B-BB59-F76640C652AE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.2\", \"versionEndExcluding\": \"6.6.51\", \"matchCriteriaId\": \"E4529134-BAC4-4776-840B-304009E181A0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.7\", \"versionEndExcluding\": \"6.10.10\", \"matchCriteriaId\": \"ACDEE48C-137A-4731-90D0-A675865E1BED\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"8B3CE743-2126-47A3-8B7C-822B502CF119\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"4DEB27E7-30AA-45CC-8934-B89263EF3551\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*\", \"matchCriteriaId\": \"E0005AEF-856E-47EB-BFE4-90C46899394D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*\", \"matchCriteriaId\": \"39889A68-6D34-47A6-82FC-CD0BF23D6754\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:6.11:rc5:*:*:*:*:*:*\", \"matchCriteriaId\": \"B8383ABF-1457-401F-9B61-EE50F4C61F4F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:6.11:rc6:*:*:*:*:*:*\", \"matchCriteriaId\": \"B77A9280-37E6-49AD-B559-5B23A3B1DC3D\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nila: call nf_unregister_net_hooks() sooner\\n\\nsyzbot found an use-after-free Read in ila_nf_input [1]\\n\\nIssue here is that ila_xlat_exit_net() frees the rhashtable,\\nthen call nf_unregister_net_hooks().\\n\\nIt should be done in the reverse way, with a synchronize_rcu().\\n\\nThis is a good match for a pre_exit() method.\\n\\n[1]\\n BUG: KASAN: use-after-free in rht_key_hashfn include/linux/rhashtable.h:159 [inline]\\n BUG: KASAN: use-after-free in __rhashtable_lookup include/linux/rhashtable.h:604 [inline]\\n BUG: KASAN: use-after-free in rhashtable_lookup include/linux/rhashtable.h:646 [inline]\\n BUG: KASAN: use-after-free in rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672\\nRead of size 4 at addr ffff888064620008 by task ksoftirqd/0/16\\n\\nCPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.11.0-rc4-syzkaller-00238-g2ad6d23f465a #0\\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\\nCall Trace:\\n \u003cTASK\u003e\\n  __dump_stack lib/dump_stack.c:93 [inline]\\n  dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\\n  print_address_description mm/kasan/report.c:377 [inline]\\n  print_report+0x169/0x550 mm/kasan/report.c:488\\n  kasan_report+0x143/0x180 mm/kasan/report.c:601\\n  rht_key_hashfn include/linux/rhashtable.h:159 [inline]\\n  __rhashtable_lookup include/linux/rhashtable.h:604 [inline]\\n  rhashtable_lookup include/linux/rhashtable.h:646 [inline]\\n  rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672\\n  ila_lookup_wildcards net/ipv6/ila/ila_xlat.c:132 [inline]\\n  ila_xlat_addr net/ipv6/ila/ila_xlat.c:652 [inline]\\n  ila_nf_input+0x1fe/0x3c0 net/ipv6/ila/ila_xlat.c:190\\n  nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\\n  nf_hook_slow+0xc3/0x220 net/netfilter/core.c:626\\n  nf_hook include/linux/netfilter.h:269 [inline]\\n  NF_HOOK+0x29e/0x450 include/linux/netfilter.h:312\\n  __netif_receive_skb_one_core net/core/dev.c:5661 [inline]\\n  __netif_receive_skb+0x1ea/0x650 net/core/dev.c:5775\\n  process_backlog+0x662/0x15b0 net/core/dev.c:6108\\n  __napi_poll+0xcb/0x490 net/core/dev.c:6772\\n  napi_poll net/core/dev.c:6841 [inline]\\n  net_rx_action+0x89b/0x1240 net/core/dev.c:6963\\n  handle_softirqs+0x2c4/0x970 kernel/softirq.c:554\\n  run_ksoftirqd+0xca/0x130 kernel/softirq.c:928\\n  smpboot_thread_fn+0x544/0xa30 kernel/smpboot.c:164\\n  kthread+0x2f0/0x390 kernel/kthread.c:389\\n  ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\\n  ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\\n \u003c/TASK\u003e\\n\\nThe buggy address belongs to the physical page:\\npage: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x64620\\nflags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)\\npage_type: 0xbfffffff(buddy)\\nraw: 00fff00000000000 ffffea0000959608 ffffea00019d9408 0000000000000000\\nraw: 0000000000000000 0000000000000003 00000000bfffffff 0000000000000000\\npage dumped because: kasan: bad access detected\\npage_owner tracks the page as freed\\npage last allocated via order 3, migratetype Unmovable, gfp_mask 0x52dc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_ZERO), pid 5242, tgid 5242 (syz-executor), ts 73611328570, free_ts 618981657187\\n  set_page_owner include/linux/page_owner.h:32 [inline]\\n  post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1493\\n  prep_new_page mm/page_alloc.c:1501 [inline]\\n  get_page_from_freelist+0x2e4c/0x2f10 mm/page_alloc.c:3439\\n  __alloc_pages_noprof+0x256/0x6c0 mm/page_alloc.c:4695\\n  __alloc_pages_node_noprof include/linux/gfp.h:269 [inline]\\n  alloc_pages_node_noprof include/linux/gfp.h:296 [inline]\\n  ___kmalloc_large_node+0x8b/0x1d0 mm/slub.c:4103\\n  __kmalloc_large_node_noprof+0x1a/0x80 mm/slub.c:4130\\n  __do_kmalloc_node mm/slub.c:4146 [inline]\\n  __kmalloc_node_noprof+0x2d2/0x440 mm/slub.c:4164\\n  __kvmalloc_node_noprof+0x72/0x190 mm/util.c:650\\n  bucket_table_alloc lib/rhashtable.c:186 [inline]\\n  rhashtable_init_noprof+0x534/0xa60 lib/rhashtable.c:1071\\n  ila_xlat_init_net+0xa0/0x110 net/ipv6/ila/ila_xlat.c:613\\n  ops_ini\\n---truncated---\"}, {\"lang\": \"es\", \"value\": \"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ila: llamar a nf_unregister_net_hooks() antes de que syzbot encuentre una lectura de uso posterior a la liberaci\\u00f3n en ila_nf_input [1] El problema aqu\\u00ed es que ila_xlat_exit_net() libera la tabla rhash y luego llama a nf_unregister_net_hooks(). Deber\\u00eda hacerse de forma inversa, con unsynchronous_rcu(). Esta es una buena combinaci\\u00f3n para un m\\u00e9todo pre_exit(). [1] ERROR: KASAN: use after free en rht_key_hashfn include/linux/rhashtable.h:159 [en l\\u00ednea] ERROR: KASAN: use after free en __rhashtable_lookup include/linux/rhashtable.h:604 [en l\\u00ednea] ERROR: KASAN: use after free en rhashtable_lookup include/linux/rhashtable.h:646 [en l\\u00ednea] ERROR: KASAN: use after free en rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672 Lectura de tama\\u00f1o 4 en la direcci\\u00f3n ffff888064620008 por la tarea ksoftirqd/0/16 CPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 No contaminado 6.11.0-rc4-syzkaller-00238-g2ad6d23f465a #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 Seguimiento de llamadas:  __dump_stack lib/dump_stack.c:93 [en l\\u00ednea] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119 print_address_description mm/kasan/report.c:377 [en l\\u00ednea] print_report+0x169/0x550 mm/kasan/report.c:488 kasan_report+0x143/0x180 mm/kasan/report.c:601 rht_key_hashfn include/linux/rhashtable.h:159 [en l\\u00ednea] __rhashtable_lookup include/linux/rhashtable.h:604 [en l\\u00ednea] rhashtable_lookup include/linux/rhashtable.h:646 [en l\\u00ednea] rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672 ila_lookup_wildcards net/ipv6/ila/ila_xlat.c:132 [en l\\u00ednea] ila_xlat_addr net/ipv6/ila/ila_xlat.c:652 [en l\\u00ednea] ila_nf_input+0x1fe/0x3c0 net/ipv6/ila/ila_xlat.c:190 nf_hook_entry_hookfn include/linux/netfilter.h:154 [en l\\u00ednea] nf_hook_slow+0xc3/0x220 net/netfilter/core.c:626 nf_hook include/linux/netfilter.h:269 [en l\\u00ednea] NF_HOOK+0x29e/0x450 include/linux/netfilter.h:312 __netif_receive_skb_one_core net/core/dev.c:5661 [en l\\u00ednea] __netif_receive_skb+0x1ea/0x650 net/core/dev.c:5775 process_backlog+0x662/0x15b0 net/core/dev.c:6108 __napi_poll+0xcb/0x490 net/core/dev.c:6772 napi_poll net/core/dev.c:6841 [en l\\u00ednea] net_rx_action+0x89b/0x1240 net/core/dev.c:6963 handle_softirqs+0x2c4/0x970 kernel/softirq.c:554 run_ksoftirqd+0xca/0x130 kernel/softirq.c:928 smpboot_thread_fn+0x544/0xa30 kernel/smpboot.c:164 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244  La direcci\\u00f3n con errores pertenece a la p\\u00e1gina f\\u00edsica: page: refcount:0 mapcount:0 mapping:0000000000000000 \\u00edndice:0x0 pfn:0x64620 indicadores: 0xfff00000000000(nodo=0|zona=1|lastcpupid=0x7ff) tipo_p\\u00e1gina: 0xbfffffff(amigo) sin procesar: 00fff00000000000 ffffea0000959608 ffffea00019d9408 0000000000000000 sin procesar: 000000000000000 000000000000003 00000000bfffffff 0000000000000000 p\\u00e1gina volcada porque: kasan: se detect\\u00f3 un acceso incorrecto page_owner rastrea la p\\u00e1gina como liberada \\u00faltima p\\u00e1gina asignada mediante orden 3, migrantstype inamovible, gfp_mask 0x52dc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_ZERO), pid 5242, tgid 5242 (ejecutor del sistema), ts 73611328570, free_ts 618981657187 establecer_propietario_de_p\\u00e1gina include/linux/page_owner.h:32 [en l\\u00ednea] post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1493 preparar_nueva_p\\u00e1gina mm/page_alloc.c:1501 [en l\\u00ednea] obtener_p\\u00e1gina_de_lista_libre+0x2e4c/0x2f10 mm/page_alloc.c:3439 __alloc_pages_noprof+0x256/0x6c0 mm/page_alloc.c:4695 __alloc_pages_node_noprof include/linux/gfp.h:269 [en l\\u00ednea] alloc_pages_node_noprof include/linux/gfp.h:296 [en l\\u00ednea] ___kmalloc_large_node+0x8b/0x1d0 mm/slub.c:4103 __kmalloc_large_node_noprof+0x1a/0x80 mm/slub.c:4130 __do_kmalloc_node mm/slub.c:4146 [en l\\u00ednea] __kmalloc_node_noprof+0x2d2/0x440 mm/slub.c:4164 __kvmalloc_node_noprof+0x72/0x190 mm/util.c:650 bucket_table_alloc lib/rhashtable.c:186 [en l\\u00ednea] ---truncado---\"}]",
      "id": "CVE-2024-46782",
      "lastModified": "2024-09-23T16:32:04.373",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}]}",
      "published": "2024-09-18T08:15:05.577",
      "references": "[{\"url\": \"https://git.kernel.org/stable/c/031ae72825cef43e4650140b800ad58bf7a6a466\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/18a5a16940464b301ea91bf5da3a324aedb347b2\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/43d34110882b97ba1ec66cc8234b18983efb9abf\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/47abd8adddbc0aecb8f231269ef659148d5dabe4\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/925c18a7cff93d8a4320d652351294ff7d0ac93c\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/93ee345ba349922834e6a9d1dadabaedcc12dce6\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/bda4d84ac0d5421b346faee720011f58bdb99673\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/dcaf4e2216824839d26727a15b638c6a677bd9fc\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}]",
      "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "vulnStatus": "Analyzed",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-416\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-46782\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-09-18T08:15:05.577\",\"lastModified\":\"2025-11-03T23:16:00.893\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nila: call nf_unregister_net_hooks() sooner\\n\\nsyzbot found an use-after-free Read in ila_nf_input [1]\\n\\nIssue here is that ila_xlat_exit_net() frees the rhashtable,\\nthen call nf_unregister_net_hooks().\\n\\nIt should be done in the reverse way, with a synchronize_rcu().\\n\\nThis is a good match for a pre_exit() method.\\n\\n[1]\\n BUG: KASAN: use-after-free in rht_key_hashfn include/linux/rhashtable.h:159 [inline]\\n BUG: KASAN: use-after-free in __rhashtable_lookup include/linux/rhashtable.h:604 [inline]\\n BUG: KASAN: use-after-free in rhashtable_lookup include/linux/rhashtable.h:646 [inline]\\n BUG: KASAN: use-after-free in rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672\\nRead of size 4 at addr ffff888064620008 by task ksoftirqd/0/16\\n\\nCPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.11.0-rc4-syzkaller-00238-g2ad6d23f465a #0\\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\\nCall Trace:\\n \u003cTASK\u003e\\n  __dump_stack lib/dump_stack.c:93 [inline]\\n  dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\\n  print_address_description mm/kasan/report.c:377 [inline]\\n  print_report+0x169/0x550 mm/kasan/report.c:488\\n  kasan_report+0x143/0x180 mm/kasan/report.c:601\\n  rht_key_hashfn include/linux/rhashtable.h:159 [inline]\\n  __rhashtable_lookup include/linux/rhashtable.h:604 [inline]\\n  rhashtable_lookup include/linux/rhashtable.h:646 [inline]\\n  rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672\\n  ila_lookup_wildcards net/ipv6/ila/ila_xlat.c:132 [inline]\\n  ila_xlat_addr net/ipv6/ila/ila_xlat.c:652 [inline]\\n  ila_nf_input+0x1fe/0x3c0 net/ipv6/ila/ila_xlat.c:190\\n  nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\\n  nf_hook_slow+0xc3/0x220 net/netfilter/core.c:626\\n  nf_hook include/linux/netfilter.h:269 [inline]\\n  NF_HOOK+0x29e/0x450 include/linux/netfilter.h:312\\n  __netif_receive_skb_one_core net/core/dev.c:5661 [inline]\\n  __netif_receive_skb+0x1ea/0x650 net/core/dev.c:5775\\n  process_backlog+0x662/0x15b0 net/core/dev.c:6108\\n  __napi_poll+0xcb/0x490 net/core/dev.c:6772\\n  napi_poll net/core/dev.c:6841 [inline]\\n  net_rx_action+0x89b/0x1240 net/core/dev.c:6963\\n  handle_softirqs+0x2c4/0x970 kernel/softirq.c:554\\n  run_ksoftirqd+0xca/0x130 kernel/softirq.c:928\\n  smpboot_thread_fn+0x544/0xa30 kernel/smpboot.c:164\\n  kthread+0x2f0/0x390 kernel/kthread.c:389\\n  ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\\n  ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\\n \u003c/TASK\u003e\\n\\nThe buggy address belongs to the physical page:\\npage: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x64620\\nflags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)\\npage_type: 0xbfffffff(buddy)\\nraw: 00fff00000000000 ffffea0000959608 ffffea00019d9408 0000000000000000\\nraw: 0000000000000000 0000000000000003 00000000bfffffff 0000000000000000\\npage dumped because: kasan: bad access detected\\npage_owner tracks the page as freed\\npage last allocated via order 3, migratetype Unmovable, gfp_mask 0x52dc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_ZERO), pid 5242, tgid 5242 (syz-executor), ts 73611328570, free_ts 618981657187\\n  set_page_owner include/linux/page_owner.h:32 [inline]\\n  post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1493\\n  prep_new_page mm/page_alloc.c:1501 [inline]\\n  get_page_from_freelist+0x2e4c/0x2f10 mm/page_alloc.c:3439\\n  __alloc_pages_noprof+0x256/0x6c0 mm/page_alloc.c:4695\\n  __alloc_pages_node_noprof include/linux/gfp.h:269 [inline]\\n  alloc_pages_node_noprof include/linux/gfp.h:296 [inline]\\n  ___kmalloc_large_node+0x8b/0x1d0 mm/slub.c:4103\\n  __kmalloc_large_node_noprof+0x1a/0x80 mm/slub.c:4130\\n  __do_kmalloc_node mm/slub.c:4146 [inline]\\n  __kmalloc_node_noprof+0x2d2/0x440 mm/slub.c:4164\\n  __kvmalloc_node_noprof+0x72/0x190 mm/util.c:650\\n  bucket_table_alloc lib/rhashtable.c:186 [inline]\\n  rhashtable_init_noprof+0x534/0xa60 lib/rhashtable.c:1071\\n  ila_xlat_init_net+0xa0/0x110 net/ipv6/ila/ila_xlat.c:613\\n  ops_ini\\n---truncated---\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ila: llamar a nf_unregister_net_hooks() antes de que syzbot encuentre una lectura de uso posterior a la liberaci\u00f3n en ila_nf_input [1] El problema aqu\u00ed es que ila_xlat_exit_net() libera la tabla rhash y luego llama a nf_unregister_net_hooks(). Deber\u00eda hacerse de forma inversa, con unsynchronous_rcu(). Esta es una buena combinaci\u00f3n para un m\u00e9todo pre_exit(). [1] ERROR: KASAN: use after free en rht_key_hashfn include/linux/rhashtable.h:159 [en l\u00ednea] ERROR: KASAN: use after free en __rhashtable_lookup include/linux/rhashtable.h:604 [en l\u00ednea] ERROR: KASAN: use after free en rhashtable_lookup include/linux/rhashtable.h:646 [en l\u00ednea] ERROR: KASAN: use after free en rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672 Lectura de tama\u00f1o 4 en la direcci\u00f3n ffff888064620008 por la tarea ksoftirqd/0/16 CPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 No contaminado 6.11.0-rc4-syzkaller-00238-g2ad6d23f465a #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 Seguimiento de llamadas:  __dump_stack lib/dump_stack.c:93 [en l\u00ednea] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119 print_address_description mm/kasan/report.c:377 [en l\u00ednea] print_report+0x169/0x550 mm/kasan/report.c:488 kasan_report+0x143/0x180 mm/kasan/report.c:601 rht_key_hashfn include/linux/rhashtable.h:159 [en l\u00ednea] __rhashtable_lookup include/linux/rhashtable.h:604 [en l\u00ednea] rhashtable_lookup include/linux/rhashtable.h:646 [en l\u00ednea] rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672 ila_lookup_wildcards net/ipv6/ila/ila_xlat.c:132 [en l\u00ednea] ila_xlat_addr net/ipv6/ila/ila_xlat.c:652 [en l\u00ednea] ila_nf_input+0x1fe/0x3c0 net/ipv6/ila/ila_xlat.c:190 nf_hook_entry_hookfn include/linux/netfilter.h:154 [en l\u00ednea] nf_hook_slow+0xc3/0x220 net/netfilter/core.c:626 nf_hook include/linux/netfilter.h:269 [en l\u00ednea] NF_HOOK+0x29e/0x450 include/linux/netfilter.h:312 __netif_receive_skb_one_core net/core/dev.c:5661 [en l\u00ednea] __netif_receive_skb+0x1ea/0x650 net/core/dev.c:5775 process_backlog+0x662/0x15b0 net/core/dev.c:6108 __napi_poll+0xcb/0x490 net/core/dev.c:6772 napi_poll net/core/dev.c:6841 [en l\u00ednea] net_rx_action+0x89b/0x1240 net/core/dev.c:6963 handle_softirqs+0x2c4/0x970 kernel/softirq.c:554 run_ksoftirqd+0xca/0x130 kernel/softirq.c:928 smpboot_thread_fn+0x544/0xa30 kernel/smpboot.c:164 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244  La direcci\u00f3n con errores pertenece a la p\u00e1gina f\u00edsica: page: refcount:0 mapcount:0 mapping:0000000000000000 \u00edndice:0x0 pfn:0x64620 indicadores: 0xfff00000000000(nodo=0|zona=1|lastcpupid=0x7ff) tipo_p\u00e1gina: 0xbfffffff(amigo) sin procesar: 00fff00000000000 ffffea0000959608 ffffea00019d9408 0000000000000000 sin procesar: 000000000000000 000000000000003 00000000bfffffff 0000000000000000 p\u00e1gina volcada porque: kasan: se detect\u00f3 un acceso incorrecto page_owner rastrea la p\u00e1gina como liberada \u00faltima p\u00e1gina asignada mediante orden 3, migrantstype inamovible, gfp_mask 0x52dc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_ZERO), pid 5242, tgid 5242 (ejecutor del sistema), ts 73611328570, free_ts 618981657187 establecer_propietario_de_p\u00e1gina include/linux/page_owner.h:32 [en l\u00ednea] post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1493 preparar_nueva_p\u00e1gina mm/page_alloc.c:1501 [en l\u00ednea] obtener_p\u00e1gina_de_lista_libre+0x2e4c/0x2f10 mm/page_alloc.c:3439 __alloc_pages_noprof+0x256/0x6c0 mm/page_alloc.c:4695 __alloc_pages_node_noprof include/linux/gfp.h:269 [en l\u00ednea] alloc_pages_node_noprof include/linux/gfp.h:296 [en l\u00ednea] ___kmalloc_large_node+0x8b/0x1d0 mm/slub.c:4103 __kmalloc_large_node_noprof+0x1a/0x80 mm/slub.c:4130 __do_kmalloc_node mm/slub.c:4146 [en l\u00ednea] __kmalloc_node_noprof+0x2d2/0x440 mm/slub.c:4164 __kvmalloc_node_noprof+0x72/0x190 mm/util.c:650 bucket_table_alloc lib/rhashtable.c:186 [en l\u00ednea] ---truncado---\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.5\",\"versionEndExcluding\":\"4.19.322\",\"matchCriteriaId\":\"EAB8EA35-2061-4F7A-8F89-A75EBF6032D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.20\",\"versionEndExcluding\":\"5.4.284\",\"matchCriteriaId\":\"6265A402-9C3C-438F-BFC5-4194B2568B85\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.5\",\"versionEndExcluding\":\"5.10.226\",\"matchCriteriaId\":\"864FC17C-501A-4823-A643-6F35D65D8A97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.15.167\",\"matchCriteriaId\":\"043405A4-25FE-45D4-A7BB-2A0C3B7D17C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"6.1.110\",\"matchCriteriaId\":\"6B1A95FC-7E7E-428B-BB59-F76640C652AE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2\",\"versionEndExcluding\":\"6.6.51\",\"matchCriteriaId\":\"E4529134-BAC4-4776-840B-304009E181A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.10.10\",\"matchCriteriaId\":\"ACDEE48C-137A-4731-90D0-A675865E1BED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B3CE743-2126-47A3-8B7C-822B502CF119\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DEB27E7-30AA-45CC-8934-B89263EF3551\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0005AEF-856E-47EB-BFE4-90C46899394D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"39889A68-6D34-47A6-82FC-CD0BF23D6754\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.11:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8383ABF-1457-401F-9B61-EE50F4C61F4F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.11:rc6:*:*:*:*:*:*\",\"matchCriteriaId\":\"B77A9280-37E6-49AD-B559-5B23A3B1DC3D\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/031ae72825cef43e4650140b800ad58bf7a6a466\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/18a5a16940464b301ea91bf5da3a324aedb347b2\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/43d34110882b97ba1ec66cc8234b18983efb9abf\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/47abd8adddbc0aecb8f231269ef659148d5dabe4\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/925c18a7cff93d8a4320d652351294ff7d0ac93c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/93ee345ba349922834e6a9d1dadabaedcc12dce6\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/bda4d84ac0d5421b346faee720011f58bdb99673\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/dcaf4e2216824839d26727a15b638c6a677bd9fc\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T22:18:26.768Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-46782\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-29T14:30:14.976916Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-29T14:30:19.311Z\"}}], \"cna\": {\"title\": \"ila: call nf_unregister_net_hooks() sooner\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"7f00feaf107645d95a6d87e99b4d141ac0a08efd\", \"lessThan\": \"43d34110882b97ba1ec66cc8234b18983efb9abf\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"7f00feaf107645d95a6d87e99b4d141ac0a08efd\", \"lessThan\": \"dcaf4e2216824839d26727a15b638c6a677bd9fc\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"7f00feaf107645d95a6d87e99b4d141ac0a08efd\", \"lessThan\": \"93ee345ba349922834e6a9d1dadabaedcc12dce6\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"7f00feaf107645d95a6d87e99b4d141ac0a08efd\", \"lessThan\": \"bda4d84ac0d5421b346faee720011f58bdb99673\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"7f00feaf107645d95a6d87e99b4d141ac0a08efd\", \"lessThan\": \"925c18a7cff93d8a4320d652351294ff7d0ac93c\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"7f00feaf107645d95a6d87e99b4d141ac0a08efd\", \"lessThan\": \"18a5a16940464b301ea91bf5da3a324aedb347b2\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"7f00feaf107645d95a6d87e99b4d141ac0a08efd\", \"lessThan\": \"47abd8adddbc0aecb8f231269ef659148d5dabe4\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"7f00feaf107645d95a6d87e99b4d141ac0a08efd\", \"lessThan\": \"031ae72825cef43e4650140b800ad58bf7a6a466\", \"versionType\": \"git\"}], \"programFiles\": [\"net/ipv6/ila/ila.h\", \"net/ipv6/ila/ila_main.c\", \"net/ipv6/ila/ila_xlat.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.5\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"4.5\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"4.19.322\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"4.19.*\"}, {\"status\": \"unaffected\", \"version\": \"5.4.284\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.4.*\"}, {\"status\": \"unaffected\", \"version\": \"5.10.226\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.10.*\"}, {\"status\": \"unaffected\", \"version\": \"5.15.167\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.15.*\"}, {\"status\": \"unaffected\", \"version\": \"6.1.110\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.1.*\"}, {\"status\": \"unaffected\", \"version\": \"6.6.51\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.6.*\"}, {\"status\": \"unaffected\", \"version\": \"6.10.10\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.10.*\"}, {\"status\": \"unaffected\", \"version\": \"6.11\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"net/ipv6/ila/ila.h\", \"net/ipv6/ila/ila_main.c\", \"net/ipv6/ila/ila_xlat.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/43d34110882b97ba1ec66cc8234b18983efb9abf\"}, {\"url\": \"https://git.kernel.org/stable/c/dcaf4e2216824839d26727a15b638c6a677bd9fc\"}, {\"url\": \"https://git.kernel.org/stable/c/93ee345ba349922834e6a9d1dadabaedcc12dce6\"}, {\"url\": \"https://git.kernel.org/stable/c/bda4d84ac0d5421b346faee720011f58bdb99673\"}, {\"url\": \"https://git.kernel.org/stable/c/925c18a7cff93d8a4320d652351294ff7d0ac93c\"}, {\"url\": \"https://git.kernel.org/stable/c/18a5a16940464b301ea91bf5da3a324aedb347b2\"}, {\"url\": \"https://git.kernel.org/stable/c/47abd8adddbc0aecb8f231269ef659148d5dabe4\"}, {\"url\": \"https://git.kernel.org/stable/c/031ae72825cef43e4650140b800ad58bf7a6a466\"}], \"x_generator\": {\"engine\": \"bippy-1.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nila: call nf_unregister_net_hooks() sooner\\n\\nsyzbot found an use-after-free Read in ila_nf_input [1]\\n\\nIssue here is that ila_xlat_exit_net() frees the rhashtable,\\nthen call nf_unregister_net_hooks().\\n\\nIt should be done in the reverse way, with a synchronize_rcu().\\n\\nThis is a good match for a pre_exit() method.\\n\\n[1]\\n BUG: KASAN: use-after-free in rht_key_hashfn include/linux/rhashtable.h:159 [inline]\\n BUG: KASAN: use-after-free in __rhashtable_lookup include/linux/rhashtable.h:604 [inline]\\n BUG: KASAN: use-after-free in rhashtable_lookup include/linux/rhashtable.h:646 [inline]\\n BUG: KASAN: use-after-free in rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672\\nRead of size 4 at addr ffff888064620008 by task ksoftirqd/0/16\\n\\nCPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.11.0-rc4-syzkaller-00238-g2ad6d23f465a #0\\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\\nCall Trace:\\n \u003cTASK\u003e\\n  __dump_stack lib/dump_stack.c:93 [inline]\\n  dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\\n  print_address_description mm/kasan/report.c:377 [inline]\\n  print_report+0x169/0x550 mm/kasan/report.c:488\\n  kasan_report+0x143/0x180 mm/kasan/report.c:601\\n  rht_key_hashfn include/linux/rhashtable.h:159 [inline]\\n  __rhashtable_lookup include/linux/rhashtable.h:604 [inline]\\n  rhashtable_lookup include/linux/rhashtable.h:646 [inline]\\n  rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672\\n  ila_lookup_wildcards net/ipv6/ila/ila_xlat.c:132 [inline]\\n  ila_xlat_addr net/ipv6/ila/ila_xlat.c:652 [inline]\\n  ila_nf_input+0x1fe/0x3c0 net/ipv6/ila/ila_xlat.c:190\\n  nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\\n  nf_hook_slow+0xc3/0x220 net/netfilter/core.c:626\\n  nf_hook include/linux/netfilter.h:269 [inline]\\n  NF_HOOK+0x29e/0x450 include/linux/netfilter.h:312\\n  __netif_receive_skb_one_core net/core/dev.c:5661 [inline]\\n  __netif_receive_skb+0x1ea/0x650 net/core/dev.c:5775\\n  process_backlog+0x662/0x15b0 net/core/dev.c:6108\\n  __napi_poll+0xcb/0x490 net/core/dev.c:6772\\n  napi_poll net/core/dev.c:6841 [inline]\\n  net_rx_action+0x89b/0x1240 net/core/dev.c:6963\\n  handle_softirqs+0x2c4/0x970 kernel/softirq.c:554\\n  run_ksoftirqd+0xca/0x130 kernel/softirq.c:928\\n  smpboot_thread_fn+0x544/0xa30 kernel/smpboot.c:164\\n  kthread+0x2f0/0x390 kernel/kthread.c:389\\n  ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\\n  ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\\n \u003c/TASK\u003e\\n\\nThe buggy address belongs to the physical page:\\npage: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x64620\\nflags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)\\npage_type: 0xbfffffff(buddy)\\nraw: 00fff00000000000 ffffea0000959608 ffffea00019d9408 0000000000000000\\nraw: 0000000000000000 0000000000000003 00000000bfffffff 0000000000000000\\npage dumped because: kasan: bad access detected\\npage_owner tracks the page as freed\\npage last allocated via order 3, migratetype Unmovable, gfp_mask 0x52dc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_ZERO), pid 5242, tgid 5242 (syz-executor), ts 73611328570, free_ts 618981657187\\n  set_page_owner include/linux/page_owner.h:32 [inline]\\n  post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1493\\n  prep_new_page mm/page_alloc.c:1501 [inline]\\n  get_page_from_freelist+0x2e4c/0x2f10 mm/page_alloc.c:3439\\n  __alloc_pages_noprof+0x256/0x6c0 mm/page_alloc.c:4695\\n  __alloc_pages_node_noprof include/linux/gfp.h:269 [inline]\\n  alloc_pages_node_noprof include/linux/gfp.h:296 [inline]\\n  ___kmalloc_large_node+0x8b/0x1d0 mm/slub.c:4103\\n  __kmalloc_large_node_noprof+0x1a/0x80 mm/slub.c:4130\\n  __do_kmalloc_node mm/slub.c:4146 [inline]\\n  __kmalloc_node_noprof+0x2d2/0x440 mm/slub.c:4164\\n  __kvmalloc_node_noprof+0x72/0x190 mm/util.c:650\\n  bucket_table_alloc lib/rhashtable.c:186 [inline]\\n  rhashtable_init_noprof+0x534/0xa60 lib/rhashtable.c:1071\\n  ila_xlat_init_net+0xa0/0x110 net/ipv6/ila/ila_xlat.c:613\\n  ops_ini\\n---truncated---\"}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.19.322\", \"versionStartIncluding\": \"4.5\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.4.284\", \"versionStartIncluding\": \"4.5\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.10.226\", \"versionStartIncluding\": \"4.5\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.15.167\", \"versionStartIncluding\": \"4.5\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.1.110\", \"versionStartIncluding\": \"4.5\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.6.51\", \"versionStartIncluding\": \"4.5\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.10.10\", \"versionStartIncluding\": \"4.5\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.11\", \"versionStartIncluding\": \"4.5\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2025-05-04T09:34:10.865Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-46782\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-03T22:18:26.768Z\", \"dateReserved\": \"2024-09-11T15:12:18.276Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2024-09-18T07:12:38.652Z\", \"assignerShortName\": \"Linux\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.