{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-46782", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-09-11T15:12:18.276Z", "datePublished": "2024-09-18T07:12:38.652Z", "dateUpdated": "2026-05-11T20:36:22.752Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T20:36:22.752Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nila: call nf_unregister_net_hooks() sooner\n\nsyzbot found an use-after-free Read in ila_nf_input [1]\n\nIssue here is that ila_xlat_exit_net() frees the rhashtable,\nthen call nf_unregister_net_hooks().\n\nIt should be done in the reverse way, with a synchronize_rcu().\n\nThis is a good match for a pre_exit() method.\n\n[1]\n BUG: KASAN: use-after-free in rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n BUG: KASAN: use-after-free in __rhashtable_lookup include/linux/rhashtable.h:604 [inline]\n BUG: KASAN: use-after-free in rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n BUG: KASAN: use-after-free in rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672\nRead of size 4 at addr ffff888064620008 by task ksoftirqd/0/16\n\nCPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.11.0-rc4-syzkaller-00238-g2ad6d23f465a #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n __rhashtable_lookup include/linux/rhashtable.h:604 [inline]\n rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672\n ila_lookup_wildcards net/ipv6/ila/ila_xlat.c:132 [inline]\n ila_xlat_addr net/ipv6/ila/ila_xlat.c:652 [inline]\n ila_nf_input+0x1fe/0x3c0 net/ipv6/ila/ila_xlat.c:190\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_slow+0xc3/0x220 net/netfilter/core.c:626\n nf_hook include/linux/netfilter.h:269 [inline]\n NF_HOOK+0x29e/0x450 include/linux/netfilter.h:312\n __netif_receive_skb_one_core net/core/dev.c:5661 [inline]\n __netif_receive_skb+0x1ea/0x650 net/core/dev.c:5775\n process_backlog+0x662/0x15b0 net/core/dev.c:6108\n __napi_poll+0xcb/0x490 net/core/dev.c:6772\n napi_poll net/core/dev.c:6841 [inline]\n net_rx_action+0x89b/0x1240 net/core/dev.c:6963\n handle_softirqs+0x2c4/0x970 kernel/softirq.c:554\n run_ksoftirqd+0xca/0x130 kernel/softirq.c:928\n smpboot_thread_fn+0x544/0xa30 kernel/smpboot.c:164\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n </TASK>\n\nThe buggy address belongs to the physical page:\npage: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x64620\nflags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)\npage_type: 0xbfffffff(buddy)\nraw: 00fff00000000000 ffffea0000959608 ffffea00019d9408 0000000000000000\nraw: 0000000000000000 0000000000000003 00000000bfffffff 0000000000000000\npage dumped because: kasan: bad access detected\npage_owner tracks the page as freed\npage last allocated via order 3, migratetype Unmovable, gfp_mask 0x52dc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_ZERO), pid 5242, tgid 5242 (syz-executor), ts 73611328570, free_ts 618981657187\n set_page_owner include/linux/page_owner.h:32 [inline]\n post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1493\n prep_new_page mm/page_alloc.c:1501 [inline]\n get_page_from_freelist+0x2e4c/0x2f10 mm/page_alloc.c:3439\n __alloc_pages_noprof+0x256/0x6c0 mm/page_alloc.c:4695\n __alloc_pages_node_noprof include/linux/gfp.h:269 [inline]\n alloc_pages_node_noprof include/linux/gfp.h:296 [inline]\n ___kmalloc_large_node+0x8b/0x1d0 mm/slub.c:4103\n __kmalloc_large_node_noprof+0x1a/0x80 mm/slub.c:4130\n __do_kmalloc_node mm/slub.c:4146 [inline]\n __kmalloc_node_noprof+0x2d2/0x440 mm/slub.c:4164\n __kvmalloc_node_noprof+0x72/0x190 mm/util.c:650\n bucket_table_alloc lib/rhashtable.c:186 [inline]\n rhashtable_init_noprof+0x534/0xa60 lib/rhashtable.c:1071\n ila_xlat_init_net+0xa0/0x110 net/ipv6/ila/ila_xlat.c:613\n ops_ini\n---truncated---"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/ipv6/ila/ila.h", "net/ipv6/ila/ila_main.c", "net/ipv6/ila/ila_xlat.c"], "versions": [{"version": "7f00feaf107645d95a6d87e99b4d141ac0a08efd", "lessThan": "43d34110882b97ba1ec66cc8234b18983efb9abf", "status": "affected", "versionType": "git"}, {"version": "7f00feaf107645d95a6d87e99b4d141ac0a08efd", "lessThan": "dcaf4e2216824839d26727a15b638c6a677bd9fc", "status": "affected", "versionType": "git"}, {"version": "7f00feaf107645d95a6d87e99b4d141ac0a08efd", "lessThan": "93ee345ba349922834e6a9d1dadabaedcc12dce6", "status": "affected", "versionType": "git"}, {"version": "7f00feaf107645d95a6d87e99b4d141ac0a08efd", "lessThan": "bda4d84ac0d5421b346faee720011f58bdb99673", "status": "affected", "versionType": "git"}, {"version": "7f00feaf107645d95a6d87e99b4d141ac0a08efd", "lessThan": "925c18a7cff93d8a4320d652351294ff7d0ac93c", "status": "affected", "versionType": "git"}, {"version": "7f00feaf107645d95a6d87e99b4d141ac0a08efd", "lessThan": "18a5a16940464b301ea91bf5da3a324aedb347b2", "status": "affected", "versionType": "git"}, {"version": "7f00feaf107645d95a6d87e99b4d141ac0a08efd", "lessThan": "47abd8adddbc0aecb8f231269ef659148d5dabe4", "status": "affected", "versionType": "git"}, {"version": "7f00feaf107645d95a6d87e99b4d141ac0a08efd", "lessThan": "031ae72825cef43e4650140b800ad58bf7a6a466", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/ipv6/ila/ila.h", "net/ipv6/ila/ila_main.c", "net/ipv6/ila/ila_xlat.c"], "versions": [{"version": "4.5", "status": "affected"}, {"version": "0", "lessThan": "4.5", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.322", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.284", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.226", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.167", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.110", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.51", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10.10", "lessThanOrEqual": "6.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.11", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.5", "versionEndExcluding": "4.19.322"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.5", "versionEndExcluding": "5.4.284"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.5", "versionEndExcluding": "5.10.226"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.5", "versionEndExcluding": "5.15.167"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.5", "versionEndExcluding": "6.1.110"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.5", "versionEndExcluding": "6.6.51"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.5", "versionEndExcluding": "6.10.10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.5", "versionEndExcluding": "6.11"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/43d34110882b97ba1ec66cc8234b18983efb9abf"}, {"url": "https://git.kernel.org/stable/c/dcaf4e2216824839d26727a15b638c6a677bd9fc"}, {"url": "https://git.kernel.org/stable/c/93ee345ba349922834e6a9d1dadabaedcc12dce6"}, {"url": "https://git.kernel.org/stable/c/bda4d84ac0d5421b346faee720011f58bdb99673"}, {"url": "https://git.kernel.org/stable/c/925c18a7cff93d8a4320d652351294ff7d0ac93c"}, {"url": "https://git.kernel.org/stable/c/18a5a16940464b301ea91bf5da3a324aedb347b2"}, {"url": "https://git.kernel.org/stable/c/47abd8adddbc0aecb8f231269ef659148d5dabe4"}, {"url": "https://git.kernel.org/stable/c/031ae72825cef43e4650140b800ad58bf7a6a466"}], "title": "ila: call nf_unregister_net_hooks() sooner", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-29T14:30:14.976916Z", "id": "CVE-2024-46782", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-10T13:18:35.725Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T22:18:26.768Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T22:18:26.768Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-46782", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-29T14:30:14.976916Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-29T14:30:19.311Z"}}], "cna": {"title": "ila: call nf_unregister_net_hooks() sooner", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "7f00feaf107645d95a6d87e99b4d141ac0a08efd", "lessThan": "43d34110882b97ba1ec66cc8234b18983efb9abf", "versionType": "git"}, {"status": "affected", "version": "7f00feaf107645d95a6d87e99b4d141ac0a08efd", "lessThan": "dcaf4e2216824839d26727a15b638c6a677bd9fc", "versionType": "git"}, {"status": "affected", "version": "7f00feaf107645d95a6d87e99b4d141ac0a08efd", "lessThan": "93ee345ba349922834e6a9d1dadabaedcc12dce6", "versionType": "git"}, {"status": "affected", "version": "7f00feaf107645d95a6d87e99b4d141ac0a08efd", "lessThan": "bda4d84ac0d5421b346faee720011f58bdb99673", "versionType": "git"}, {"status": "affected", "version": "7f00feaf107645d95a6d87e99b4d141ac0a08efd", "lessThan": "925c18a7cff93d8a4320d652351294ff7d0ac93c", "versionType": "git"}, {"status": "affected", "version": "7f00feaf107645d95a6d87e99b4d141ac0a08efd", "lessThan": "18a5a16940464b301ea91bf5da3a324aedb347b2", "versionType": "git"}, {"status": "affected", "version": "7f00feaf107645d95a6d87e99b4d141ac0a08efd", "lessThan": "47abd8adddbc0aecb8f231269ef659148d5dabe4", "versionType": "git"}, {"status": "affected", "version": "7f00feaf107645d95a6d87e99b4d141ac0a08efd", "lessThan": "031ae72825cef43e4650140b800ad58bf7a6a466", "versionType": "git"}], "programFiles": ["net/ipv6/ila/ila.h", "net/ipv6/ila/ila_main.c", "net/ipv6/ila/ila_xlat.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "4.5"}, {"status": "unaffected", "version": "0", "lessThan": "4.5", "versionType": "semver"}, {"status": "unaffected", "version": "4.19.322", "versionType": "semver", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.284", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.226", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.167", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.110", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.51", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.10.10", "versionType": "semver", "lessThanOrEqual": "6.10.*"}, {"status": "unaffected", "version": "6.11", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["net/ipv6/ila/ila.h", "net/ipv6/ila/ila_main.c", "net/ipv6/ila/ila_xlat.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/43d34110882b97ba1ec66cc8234b18983efb9abf"}, {"url": "https://git.kernel.org/stable/c/dcaf4e2216824839d26727a15b638c6a677bd9fc"}, {"url": "https://git.kernel.org/stable/c/93ee345ba349922834e6a9d1dadabaedcc12dce6"}, {"url": "https://git.kernel.org/stable/c/bda4d84ac0d5421b346faee720011f58bdb99673"}, {"url": "https://git.kernel.org/stable/c/925c18a7cff93d8a4320d652351294ff7d0ac93c"}, {"url": "https://git.kernel.org/stable/c/18a5a16940464b301ea91bf5da3a324aedb347b2"}, {"url": "https://git.kernel.org/stable/c/47abd8adddbc0aecb8f231269ef659148d5dabe4"}, {"url": "https://git.kernel.org/stable/c/031ae72825cef43e4650140b800ad58bf7a6a466"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nila: call nf_unregister_net_hooks() sooner\n\nsyzbot found an use-after-free Read in ila_nf_input [1]\n\nIssue here is that ila_xlat_exit_net() frees the rhashtable,\nthen call nf_unregister_net_hooks().\n\nIt should be done in the reverse way, with a synchronize_rcu().\n\nThis is a good match for a pre_exit() method.\n\n[1]\n BUG: KASAN: use-after-free in rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n BUG: KASAN: use-after-free in __rhashtable_lookup include/linux/rhashtable.h:604 [inline]\n BUG: KASAN: use-after-free in rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n BUG: KASAN: use-after-free in rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672\nRead of size 4 at addr ffff888064620008 by task ksoftirqd/0/16\n\nCPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.11.0-rc4-syzkaller-00238-g2ad6d23f465a #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n __rhashtable_lookup include/linux/rhashtable.h:604 [inline]\n rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672\n ila_lookup_wildcards net/ipv6/ila/ila_xlat.c:132 [inline]\n ila_xlat_addr net/ipv6/ila/ila_xlat.c:652 [inline]\n ila_nf_input+0x1fe/0x3c0 net/ipv6/ila/ila_xlat.c:190\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_slow+0xc3/0x220 net/netfilter/core.c:626\n nf_hook include/linux/netfilter.h:269 [inline]\n NF_HOOK+0x29e/0x450 include/linux/netfilter.h:312\n __netif_receive_skb_one_core net/core/dev.c:5661 [inline]\n __netif_receive_skb+0x1ea/0x650 net/core/dev.c:5775\n process_backlog+0x662/0x15b0 net/core/dev.c:6108\n __napi_poll+0xcb/0x490 net/core/dev.c:6772\n napi_poll net/core/dev.c:6841 [inline]\n net_rx_action+0x89b/0x1240 net/core/dev.c:6963\n handle_softirqs+0x2c4/0x970 kernel/softirq.c:554\n run_ksoftirqd+0xca/0x130 kernel/softirq.c:928\n smpboot_thread_fn+0x544/0xa30 kernel/smpboot.c:164\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n </TASK>\n\nThe buggy address belongs to the physical page:\npage: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x64620\nflags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)\npage_type: 0xbfffffff(buddy)\nraw: 00fff00000000000 ffffea0000959608 ffffea00019d9408 0000000000000000\nraw: 0000000000000000 0000000000000003 00000000bfffffff 0000000000000000\npage dumped because: kasan: bad access detected\npage_owner tracks the page as freed\npage last allocated via order 3, migratetype Unmovable, gfp_mask 0x52dc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_ZERO), pid 5242, tgid 5242 (syz-executor), ts 73611328570, free_ts 618981657187\n set_page_owner include/linux/page_owner.h:32 [inline]\n post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1493\n prep_new_page mm/page_alloc.c:1501 [inline]\n get_page_from_freelist+0x2e4c/0x2f10 mm/page_alloc.c:3439\n __alloc_pages_noprof+0x256/0x6c0 mm/page_alloc.c:4695\n __alloc_pages_node_noprof include/linux/gfp.h:269 [inline]\n alloc_pages_node_noprof include/linux/gfp.h:296 [inline]\n ___kmalloc_large_node+0x8b/0x1d0 mm/slub.c:4103\n __kmalloc_large_node_noprof+0x1a/0x80 mm/slub.c:4130\n __do_kmalloc_node mm/slub.c:4146 [inline]\n __kmalloc_node_noprof+0x2d2/0x440 mm/slub.c:4164\n __kvmalloc_node_noprof+0x72/0x190 mm/util.c:650\n bucket_table_alloc lib/rhashtable.c:186 [inline]\n rhashtable_init_noprof+0x534/0xa60 lib/rhashtable.c:1071\n ila_xlat_init_net+0xa0/0x110 net/ipv6/ila/ila_xlat.c:613\n ops_ini\n---truncated---"}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "4.19.322", "versionStartIncluding": "4.5"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.4.284", "versionStartIncluding": "4.5"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.10.226", "versionStartIncluding": "4.5"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.15.167", "versionStartIncluding": "4.5"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.1.110", "versionStartIncluding": "4.5"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.6.51", "versionStartIncluding": "4.5"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.10.10", "versionStartIncluding": "4.5"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.11", "versionStartIncluding": "4.5"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:34:10.865Z"}}}, "cveMetadata": {"cveId": "CVE-2024-46782", "state": "PUBLISHED", "dateUpdated": "2025-11-03T22:18:26.768Z", "dateReserved": "2024-09-11T15:12:18.276Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-09-18T07:12:38.652Z", "assignerShortName": "Linux"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EAB8EA35-2061-4F7A-8F89-A75EBF6032D9", "versionEndExcluding": "4.19.322", "versionStartIncluding": "4.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6265A402-9C3C-438F-BFC5-4194B2568B85", "versionEndExcluding": "5.4.284", "versionStartIncluding": "4.20", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "864FC17C-501A-4823-A643-6F35D65D8A97", "versionEndExcluding": "5.10.226", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "043405A4-25FE-45D4-A7BB-2A0C3B7D17C1", "versionEndExcluding": "5.15.167", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6B1A95FC-7E7E-428B-BB59-F76640C652AE", "versionEndExcluding": "6.1.110", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E4529134-BAC4-4776-840B-304009E181A0", "versionEndExcluding": "6.6.51", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "ACDEE48C-137A-4731-90D0-A675865E1BED", "versionEndExcluding": "6.10.10", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*", "matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*", "matchCriteriaId": "4DEB27E7-30AA-45CC-8934-B89263EF3551", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*", "matchCriteriaId": "E0005AEF-856E-47EB-BFE4-90C46899394D", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*", "matchCriteriaId": "39889A68-6D34-47A6-82FC-CD0BF23D6754", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc5:*:*:*:*:*:*", "matchCriteriaId": "B8383ABF-1457-401F-9B61-EE50F4C61F4F", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc6:*:*:*:*:*:*", "matchCriteriaId": "B77A9280-37E6-49AD-B559-5B23A3B1DC3D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nila: call nf_unregister_net_hooks() sooner\n\nsyzbot found an use-after-free Read in ila_nf_input [1]\n\nIssue here is that ila_xlat_exit_net() frees the rhashtable,\nthen call nf_unregister_net_hooks().\n\nIt should be done in the reverse way, with a synchronize_rcu().\n\nThis is a good match for a pre_exit() method.\n\n[1]\n BUG: KASAN: use-after-free in rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n BUG: KASAN: use-after-free in __rhashtable_lookup include/linux/rhashtable.h:604 [inline]\n BUG: KASAN: use-after-free in rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n BUG: KASAN: use-after-free in rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672\nRead of size 4 at addr ffff888064620008 by task ksoftirqd/0/16\n\nCPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.11.0-rc4-syzkaller-00238-g2ad6d23f465a #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n rht_key_hashfn include/linux/rhashtable.h:159 [inline]\n __rhashtable_lookup include/linux/rhashtable.h:604 [inline]\n rhashtable_lookup include/linux/rhashtable.h:646 [inline]\n rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672\n ila_lookup_wildcards net/ipv6/ila/ila_xlat.c:132 [inline]\n ila_xlat_addr net/ipv6/ila/ila_xlat.c:652 [inline]\n ila_nf_input+0x1fe/0x3c0 net/ipv6/ila/ila_xlat.c:190\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_slow+0xc3/0x220 net/netfilter/core.c:626\n nf_hook include/linux/netfilter.h:269 [inline]\n NF_HOOK+0x29e/0x450 include/linux/netfilter.h:312\n __netif_receive_skb_one_core net/core/dev.c:5661 [inline]\n __netif_receive_skb+0x1ea/0x650 net/core/dev.c:5775\n process_backlog+0x662/0x15b0 net/core/dev.c:6108\n __napi_poll+0xcb/0x490 net/core/dev.c:6772\n napi_poll net/core/dev.c:6841 [inline]\n net_rx_action+0x89b/0x1240 net/core/dev.c:6963\n handle_softirqs+0x2c4/0x970 kernel/softirq.c:554\n run_ksoftirqd+0xca/0x130 kernel/softirq.c:928\n smpboot_thread_fn+0x544/0xa30 kernel/smpboot.c:164\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n </TASK>\n\nThe buggy address belongs to the physical page:\npage: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x64620\nflags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)\npage_type: 0xbfffffff(buddy)\nraw: 00fff00000000000 ffffea0000959608 ffffea00019d9408 0000000000000000\nraw: 0000000000000000 0000000000000003 00000000bfffffff 0000000000000000\npage dumped because: kasan: bad access detected\npage_owner tracks the page as freed\npage last allocated via order 3, migratetype Unmovable, gfp_mask 0x52dc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_ZERO), pid 5242, tgid 5242 (syz-executor), ts 73611328570, free_ts 618981657187\n set_page_owner include/linux/page_owner.h:32 [inline]\n post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1493\n prep_new_page mm/page_alloc.c:1501 [inline]\n get_page_from_freelist+0x2e4c/0x2f10 mm/page_alloc.c:3439\n __alloc_pages_noprof+0x256/0x6c0 mm/page_alloc.c:4695\n __alloc_pages_node_noprof include/linux/gfp.h:269 [inline]\n alloc_pages_node_noprof include/linux/gfp.h:296 [inline]\n ___kmalloc_large_node+0x8b/0x1d0 mm/slub.c:4103\n __kmalloc_large_node_noprof+0x1a/0x80 mm/slub.c:4130\n __do_kmalloc_node mm/slub.c:4146 [inline]\n __kmalloc_node_noprof+0x2d2/0x440 mm/slub.c:4164\n __kvmalloc_node_noprof+0x72/0x190 mm/util.c:650\n bucket_table_alloc lib/rhashtable.c:186 [inline]\n rhashtable_init_noprof+0x534/0xa60 lib/rhashtable.c:1071\n ila_xlat_init_net+0xa0/0x110 net/ipv6/ila/ila_xlat.c:613\n ops_ini\n---truncated---"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ila: llamar a nf_unregister_net_hooks() antes de que syzbot encuentre una lectura de uso posterior a la liberaci\u00f3n en ila_nf_input [1] El problema aqu\u00ed es que ila_xlat_exit_net() libera la tabla rhash y luego llama a nf_unregister_net_hooks(). Deber\u00eda hacerse de forma inversa, con unsynchronous_rcu(). Esta es una buena combinaci\u00f3n para un m\u00e9todo pre_exit(). [1] ERROR: KASAN: use after free en rht_key_hashfn include/linux/rhashtable.h:159 [en l\u00ednea] ERROR: KASAN: use after free en __rhashtable_lookup include/linux/rhashtable.h:604 [en l\u00ednea] ERROR: KASAN: use after free en rhashtable_lookup include/linux/rhashtable.h:646 [en l\u00ednea] ERROR: KASAN: use after free en rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672 Lectura de tama\u00f1o 4 en la direcci\u00f3n ffff888064620008 por la tarea ksoftirqd/0/16 CPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 No contaminado 6.11.0-rc4-syzkaller-00238-g2ad6d23f465a #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 Seguimiento de llamadas: __dump_stack lib/dump_stack.c:93 [en l\u00ednea] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119 print_address_description mm/kasan/report.c:377 [en l\u00ednea] print_report+0x169/0x550 mm/kasan/report.c:488 kasan_report+0x143/0x180 mm/kasan/report.c:601 rht_key_hashfn include/linux/rhashtable.h:159 [en l\u00ednea] __rhashtable_lookup include/linux/rhashtable.h:604 [en l\u00ednea] rhashtable_lookup include/linux/rhashtable.h:646 [en l\u00ednea] rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672 ila_lookup_wildcards net/ipv6/ila/ila_xlat.c:132 [en l\u00ednea] ila_xlat_addr net/ipv6/ila/ila_xlat.c:652 [en l\u00ednea] ila_nf_input+0x1fe/0x3c0 net/ipv6/ila/ila_xlat.c:190 nf_hook_entry_hookfn include/linux/netfilter.h:154 [en l\u00ednea] nf_hook_slow+0xc3/0x220 net/netfilter/core.c:626 nf_hook include/linux/netfilter.h:269 [en l\u00ednea] NF_HOOK+0x29e/0x450 include/linux/netfilter.h:312 __netif_receive_skb_one_core net/core/dev.c:5661 [en l\u00ednea] __netif_receive_skb+0x1ea/0x650 net/core/dev.c:5775 process_backlog+0x662/0x15b0 net/core/dev.c:6108 __napi_poll+0xcb/0x490 net/core/dev.c:6772 napi_poll net/core/dev.c:6841 [en l\u00ednea] net_rx_action+0x89b/0x1240 net/core/dev.c:6963 handle_softirqs+0x2c4/0x970 kernel/softirq.c:554 run_ksoftirqd+0xca/0x130 kernel/softirq.c:928 smpboot_thread_fn+0x544/0xa30 kernel/smpboot.c:164 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 La direcci\u00f3n con errores pertenece a la p\u00e1gina f\u00edsica: page: refcount:0 mapcount:0 mapping:0000000000000000 \u00edndice:0x0 pfn:0x64620 indicadores: 0xfff00000000000(nodo=0|zona=1|lastcpupid=0x7ff) tipo_p\u00e1gina: 0xbfffffff(amigo) sin procesar: 00fff00000000000 ffffea0000959608 ffffea00019d9408 0000000000000000 sin procesar: 000000000000000 000000000000003 00000000bfffffff 0000000000000000 p\u00e1gina volcada porque: kasan: se detect\u00f3 un acceso incorrecto page_owner rastrea la p\u00e1gina como liberada \u00faltima p\u00e1gina asignada mediante orden 3, migrantstype inamovible, gfp_mask 0x52dc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_ZERO), pid 5242, tgid 5242 (ejecutor del sistema), ts 73611328570, free_ts 618981657187 establecer_propietario_de_p\u00e1gina include/linux/page_owner.h:32 [en l\u00ednea] post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1493 preparar_nueva_p\u00e1gina mm/page_alloc.c:1501 [en l\u00ednea] obtener_p\u00e1gina_de_lista_libre+0x2e4c/0x2f10 mm/page_alloc.c:3439 __alloc_pages_noprof+0x256/0x6c0 mm/page_alloc.c:4695 __alloc_pages_node_noprof include/linux/gfp.h:269 [en l\u00ednea] alloc_pages_node_noprof include/linux/gfp.h:296 [en l\u00ednea] ___kmalloc_large_node+0x8b/0x1d0 mm/slub.c:4103 __kmalloc_large_node_noprof+0x1a/0x80 mm/slub.c:4130 __do_kmalloc_node mm/slub.c:4146 [en l\u00ednea] __kmalloc_node_noprof+0x2d2/0x440 mm/slub.c:4164 __kvmalloc_node_noprof+0x72/0x190 mm/util.c:650 bucket_table_alloc lib/rhashtable.c:186 [en l\u00ednea] ---truncado---"}], "id": "CVE-2024-46782", "lastModified": "2025-11-03T23:16:00.893", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-09-18T08:15:05.577", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/031ae72825cef43e4650140b800ad58bf7a6a466"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/18a5a16940464b301ea91bf5da3a324aedb347b2"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/43d34110882b97ba1ec66cc8234b18983efb9abf"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/47abd8adddbc0aecb8f231269ef659148d5dabe4"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/925c18a7cff93d8a4320d652351294ff7d0ac93c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/93ee345ba349922834e6a9d1dadabaedcc12dce6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/bda4d84ac0d5421b346faee720011f58bdb99673"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/dcaf4e2216824839d26727a15b638c6a677bd9fc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: ila: call nf_unregister_net_hooks() sooner", "id": "2313129", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2313129"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.7", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nila: call nf_unregister_net_hooks() sooner\nsyzbot found an use-after-free Read in ila_nf_input [1]\nIssue here is that ila_xlat_exit_net() frees the rhashtable,\nthen call nf_unregister_net_hooks().\nIt should be done in the reverse way, with a synchronize_rcu().\nThis is a good match for a pre_exit() method.\n[1]\nBUG: KASAN: use-after-free in rht_key_hashfn include/linux/rhashtable.h:159 [inline]\nBUG: KASAN: use-after-free in __rhashtable_lookup include/linux/rhashtable.h:604 [inline]\nBUG: KASAN: use-after-free in rhashtable_lookup include/linux/rhashtable.h:646 [inline]\nBUG: KASAN: use-after-free in rhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672\nRead of size 4 at addr ffff888064620008 by task ksoftirqd/0/16\nCPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.11.0-rc4-syzkaller-00238-g2ad6d23f465a #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nCall Trace:\n<TASK>\n__dump_stack lib/dump_stack.c:93 [inline]\ndump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\nprint_address_description mm/kasan/report.c:377 [inline]\nprint_report+0x169/0x550 mm/kasan/report.c:488\nkasan_report+0x143/0x180 mm/kasan/report.c:601\nrht_key_hashfn include/linux/rhashtable.h:159 [inline]\n__rhashtable_lookup include/linux/rhashtable.h:604 [inline]\nrhashtable_lookup include/linux/rhashtable.h:646 [inline]\nrhashtable_lookup_fast+0x77a/0x9b0 include/linux/rhashtable.h:672\nila_lookup_wildcards net/ipv6/ila/ila_xlat.c:132 [inline]\nila_xlat_addr net/ipv6/ila/ila_xlat.c:652 [inline]\nila_nf_input+0x1fe/0x3c0 net/ipv6/ila/ila_xlat.c:190\nnf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\nnf_hook_slow+0xc3/0x220 net/netfilter/core.c:626\nnf_hook include/linux/netfilter.h:269 [inline]\nNF_HOOK+0x29e/0x450 include/linux/netfilter.h:312\n__netif_receive_skb_one_core net/core/dev.c:5661 [inline]\n__netif_receive_skb+0x1ea/0x650 net/core/dev.c:5775\nprocess_backlog+0x662/0x15b0 net/core/dev.c:6108\n__napi_poll+0xcb/0x490 net/core/dev.c:6772\nnapi_poll net/core/dev.c:6841 [inline]\nnet_rx_action+0x89b/0x1240 net/core/dev.c:6963\nhandle_softirqs+0x2c4/0x970 kernel/softirq.c:554\nrun_ksoftirqd+0xca/0x130 kernel/softirq.c:928\nsmpboot_thread_fn+0x544/0xa30 kernel/smpboot.c:164\nkthread+0x2f0/0x390 kernel/kthread.c:389\nret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\nret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n</TASK>\nThe buggy address belongs to the physical page:\npage: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x64620\nflags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)\npage_type: 0xbfffffff(buddy)\nraw: 00fff00000000000 ffffea0000959608 ffffea00019d9408 0000000000000000\nraw: 0000000000000000 0000000000000003 00000000bfffffff 0000000000000000\npage dumped because: kasan: bad access detected\npage_owner tracks the page as freed\npage last allocated via order 3, migratetype Unmovable, gfp_mask 0x52dc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_ZERO), pid 5242, tgid 5242 (syz-executor), ts 73611328570, free_ts 618981657187\nset_page_owner include/linux/page_owner.h:32 [inline]\npost_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1493\nprep_new_page mm/page_alloc.c:1501 [inline]\nget_page_from_freelist+0x2e4c/0x2f10 mm/page_alloc.c:3439\n__alloc_pages_noprof+0x256/0x6c0 mm/page_alloc.c:4695\n__alloc_pages_node_noprof include/linux/gfp.h:269 [inline]\nalloc_pages_node_noprof include/linux/gfp.h:296 [inline]\n___kmalloc_large_node+0x8b/0x1d0 mm/slub.c:4103\n__kmalloc_large_node_noprof+0x1a/0x80 mm/slub.c:4130\n__do_kmalloc_node mm/slub.c:4146 [inline]\n__kmalloc_node_noprof+0x2d2/0x440 mm/slub.c:4164\n__kvmalloc_node_noprof+0x72/0x190 mm/util.c:650\nbucket_table_alloc lib/rhashtable.c:186 [inline]\nrhashtable_init_noprof+0x534/0xa60 lib/rhashtable.c:1071\nila_xlat_init_net+0xa0/0x110 net/ipv6/ila/ila_xlat.c:613\nops_ini\n---truncated---", "A use-after-free read flaw was found in the Linux kernel's IPv6 Identifier Locator Addressing (ILA) functionality. This issue occurs when a user unloads the ila module and could allow a local user to crash the system or escalate their privileges on the system."], "mitigation": {"lang": "en:us", "value": "To mitigate this issue, prevent the ila module from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically."}, "name": "CVE-2024-46782", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-09-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-46782\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-46782\nhttps://lore.kernel.org/linux-cve-announce/2024091850-CVE-2024-46782-00ff@gregkh/T"], "threat_severity": "Moderate"}

{}