CVE-2024-46684 (GCVE-0-2024-46684)

Vulnerability from cvelistv5 – Published: 2024-09-13 05:29 – Updated: 2025-05-04 09:31
VLAI?
Title
binfmt_elf_fdpic: fix AUXV size calculation when ELF_HWCAP2 is defined
Summary
In the Linux kernel, the following vulnerability has been resolved: binfmt_elf_fdpic: fix AUXV size calculation when ELF_HWCAP2 is defined create_elf_fdpic_tables() does not correctly account the space for the AUX vector when an architecture has ELF_HWCAP2 defined. Prior to the commit 10e29251be0e ("binfmt_elf_fdpic: fix /proc/<pid>/auxv") it resulted in the last entry of the AUX vector being set to zero, but with that change it results in a kernel BUG. Fix that by adding one to the number of AUXV entries (nitems) when ELF_HWCAP2 is defined.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: 10e29251be0e9f774910c1baaa89355859491769 , < c507da85e4f80c630deb9e98222ccf4118cbe6f8 (git)
Affected: 10e29251be0e9f774910c1baaa89355859491769 , < c6a09e342f8e6d3cac7f7c5c14085236aca284b9 (git)
Create a notification for this product.
    Linux Linux Affected: 6.10
Unaffected: 0 , < 6.10 (semver)
Unaffected: 6.10.8 , ≤ 6.10.* (semver)
Unaffected: 6.11 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-46684",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-29T15:08:43.171193Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-29T15:08:57.536Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/binfmt_elf_fdpic.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "c507da85e4f80c630deb9e98222ccf4118cbe6f8",
              "status": "affected",
              "version": "10e29251be0e9f774910c1baaa89355859491769",
              "versionType": "git"
            },
            {
              "lessThan": "c6a09e342f8e6d3cac7f7c5c14085236aca284b9",
              "status": "affected",
              "version": "10e29251be0e9f774910c1baaa89355859491769",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/binfmt_elf_fdpic.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.10"
            },
            {
              "lessThan": "6.10",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.8",
                  "versionStartIncluding": "6.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "6.10",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbinfmt_elf_fdpic: fix AUXV size calculation when ELF_HWCAP2 is defined\n\ncreate_elf_fdpic_tables() does not correctly account the space for the\nAUX vector when an architecture has ELF_HWCAP2 defined. Prior to the\ncommit 10e29251be0e (\"binfmt_elf_fdpic: fix /proc/\u003cpid\u003e/auxv\") it\nresulted in the last entry of the AUX vector being set to zero, but with\nthat change it results in a kernel BUG.\n\nFix that by adding one to the number of AUXV entries (nitems) when\nELF_HWCAP2 is defined."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:31:50.297Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/c507da85e4f80c630deb9e98222ccf4118cbe6f8"
        },
        {
          "url": "https://git.kernel.org/stable/c/c6a09e342f8e6d3cac7f7c5c14085236aca284b9"
        }
      ],
      "title": "binfmt_elf_fdpic: fix AUXV size calculation when ELF_HWCAP2 is defined",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-46684",
    "datePublished": "2024-09-13T05:29:16.556Z",
    "dateReserved": "2024-09-11T15:12:18.248Z",
    "dateUpdated": "2025-05-04T09:31:50.297Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.10\", \"versionEndExcluding\": \"6.10.8\", \"matchCriteriaId\": \"2CE718D7-41ED-4D4A-AED5-326C3D4383FB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"8B3CE743-2126-47A3-8B7C-822B502CF119\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"4DEB27E7-30AA-45CC-8934-B89263EF3551\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*\", \"matchCriteriaId\": \"E0005AEF-856E-47EB-BFE4-90C46899394D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*\", \"matchCriteriaId\": \"39889A68-6D34-47A6-82FC-CD0BF23D6754\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:6.11:rc5:*:*:*:*:*:*\", \"matchCriteriaId\": \"B8383ABF-1457-401F-9B61-EE50F4C61F4F\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nbinfmt_elf_fdpic: fix AUXV size calculation when ELF_HWCAP2 is defined\\n\\ncreate_elf_fdpic_tables() does not correctly account the space for the\\nAUX vector when an architecture has ELF_HWCAP2 defined. Prior to the\\ncommit 10e29251be0e (\\\"binfmt_elf_fdpic: fix /proc/\u003cpid\u003e/auxv\\\") it\\nresulted in the last entry of the AUX vector being set to zero, but with\\nthat change it results in a kernel BUG.\\n\\nFix that by adding one to the number of AUXV entries (nitems) when\\nELF_HWCAP2 is defined.\"}, {\"lang\": \"es\", \"value\": \"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: binfmt_elf_fdpic: se corrige el c\\u00e1lculo del tama\\u00f1o de AUXV cuando se define ELF_HWCAP2 create_elf_fdpic_tables() no tiene en cuenta correctamente el espacio para el vector AUX cuando una arquitectura tiene definido ELF_HWCAP2. Antes del commit 10e29251be0e (\\\"binfmt_elf_fdpic: fix /proc//auxv\\\"), esto provocaba que la \\u00faltima entrada del vector AUX se estableciera en cero, pero con ese cambio se produce un ERROR del kernel. Corrija esto a\\u00f1adiendo uno al n\\u00famero de entradas AUXV (nitems) cuando se define ELF_HWCAP2.\"}]",
      "id": "CVE-2024-46684",
      "lastModified": "2024-09-19T18:04:22.623",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}]}",
      "published": "2024-09-13T06:15:13.103",
      "references": "[{\"url\": \"https://git.kernel.org/stable/c/c507da85e4f80c630deb9e98222ccf4118cbe6f8\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/c6a09e342f8e6d3cac7f7c5c14085236aca284b9\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}]",
      "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "vulnStatus": "Analyzed",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-131\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-46684\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-09-13T06:15:13.103\",\"lastModified\":\"2024-09-19T18:04:22.623\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nbinfmt_elf_fdpic: fix AUXV size calculation when ELF_HWCAP2 is defined\\n\\ncreate_elf_fdpic_tables() does not correctly account the space for the\\nAUX vector when an architecture has ELF_HWCAP2 defined. Prior to the\\ncommit 10e29251be0e (\\\"binfmt_elf_fdpic: fix /proc/\u003cpid\u003e/auxv\\\") it\\nresulted in the last entry of the AUX vector being set to zero, but with\\nthat change it results in a kernel BUG.\\n\\nFix that by adding one to the number of AUXV entries (nitems) when\\nELF_HWCAP2 is defined.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: binfmt_elf_fdpic: se corrige el c\u00e1lculo del tama\u00f1o de AUXV cuando se define ELF_HWCAP2 create_elf_fdpic_tables() no tiene en cuenta correctamente el espacio para el vector AUX cuando una arquitectura tiene definido ELF_HWCAP2. Antes del commit 10e29251be0e (\\\"binfmt_elf_fdpic: fix /proc//auxv\\\"), esto provocaba que la \u00faltima entrada del vector AUX se estableciera en cero, pero con ese cambio se produce un ERROR del kernel. Corrija esto a\u00f1adiendo uno al n\u00famero de entradas AUXV (nitems) cuando se define ELF_HWCAP2.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-131\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.10\",\"versionEndExcluding\":\"6.10.8\",\"matchCriteriaId\":\"2CE718D7-41ED-4D4A-AED5-326C3D4383FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B3CE743-2126-47A3-8B7C-822B502CF119\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DEB27E7-30AA-45CC-8934-B89263EF3551\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0005AEF-856E-47EB-BFE4-90C46899394D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"39889A68-6D34-47A6-82FC-CD0BF23D6754\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.11:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8383ABF-1457-401F-9B61-EE50F4C61F4F\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/c507da85e4f80c630deb9e98222ccf4118cbe6f8\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/c6a09e342f8e6d3cac7f7c5c14085236aca284b9\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-46684\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-29T15:08:43.171193Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-29T15:08:47.410Z\"}}], \"cna\": {\"title\": \"binfmt_elf_fdpic: fix AUXV size calculation when ELF_HWCAP2 is defined\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"10e29251be0e9f774910c1baaa89355859491769\", \"lessThan\": \"c507da85e4f80c630deb9e98222ccf4118cbe6f8\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"10e29251be0e9f774910c1baaa89355859491769\", \"lessThan\": \"c6a09e342f8e6d3cac7f7c5c14085236aca284b9\", \"versionType\": \"git\"}], \"programFiles\": [\"fs/binfmt_elf_fdpic.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.10\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"6.10\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"6.10.8\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.10.*\"}, {\"status\": \"unaffected\", \"version\": \"6.11\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"fs/binfmt_elf_fdpic.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/c507da85e4f80c630deb9e98222ccf4118cbe6f8\"}, {\"url\": \"https://git.kernel.org/stable/c/c6a09e342f8e6d3cac7f7c5c14085236aca284b9\"}], \"x_generator\": {\"engine\": \"bippy-1.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nbinfmt_elf_fdpic: fix AUXV size calculation when ELF_HWCAP2 is defined\\n\\ncreate_elf_fdpic_tables() does not correctly account the space for the\\nAUX vector when an architecture has ELF_HWCAP2 defined. Prior to the\\ncommit 10e29251be0e (\\\"binfmt_elf_fdpic: fix /proc/\u003cpid\u003e/auxv\\\") it\\nresulted in the last entry of the AUX vector being set to zero, but with\\nthat change it results in a kernel BUG.\\n\\nFix that by adding one to the number of AUXV entries (nitems) when\\nELF_HWCAP2 is defined.\"}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.10.8\", \"versionStartIncluding\": \"6.10\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.11\", \"versionStartIncluding\": \"6.10\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2025-05-04T09:31:50.297Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-46684\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-04T09:31:50.297Z\", \"dateReserved\": \"2024-09-11T15:12:18.248Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2024-09-13T05:29:16.556Z\", \"assignerShortName\": \"Linux\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.