CVE-2024-46761

pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv The hotplug driver for powerpc (pci/hotplug/pnv_php.c) causes a kernel
crash when we try to hot-unplug/disable the PCIe switch/bridge from
the PHB. The crash occurs because although the MSI data structure has been
released during disable/hot-unplug path and it has been assigned
with NULL, still during unregistration the code was again trying to
explicitly disable the MSI which causes the NULL pointer dereference and
kernel crash. The patch fixes the check during unregistration path to prevent invoking
pci_disable_msi/msix() since its data structure is already freed.

In the Linux kernel, the following vulnerability has been resolved: pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv The hotplug driver for powerpc (pci/hotplug/pnv_php.c) causes a kernel crash when we try to hot-unplug/disable the PCIe switch/bridge from the PHB. The crash occurs because although the MSI data structure has been released during disable/hot-unplug path and it has been assigned with NULL, still during unregistration the code was again trying to explicitly disable the MSI which causes the NULL pointer dereference and kernel crash. The patch fixes the check during unregistration path to prevent invoking pci_disable_msi/msix() since its data structure is already freed.

It was discovered that the CIFS network file system implementation in the Linux kernel did not properly validate certain SMB messages, leading to an out-of-bounds read vulnerability. An attacker could use this to cause a denial of service or possibly expose sensitive information. Supraja Sridhara, Benedict SchlÃ¼ter, Mark Kuhne, Andrin Bertschi, and Shweta Shinde discovered that the Confidential Computing framework in the Linux kernel for x86 platforms did not properly handle 32-bit emulation on TDX and SEV. An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-09-11 CVE Reserved
2024-09-18 CVE Published
2024-12-19 CVE Updated
2025-03-28 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (8)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/4eb4085c1346d19d4a05c55246eb93e74e671048	2024-09-12
https://git.kernel.org/stable/c/c4c681999d385e28f84808bbf3a85ea8e982da55	2024-09-12
https://git.kernel.org/stable/c/bc1faed19db95abf0933b104910a3fb01b138f59	2024-09-12
https://git.kernel.org/stable/c/c0d8094dc740cfacf3775bbc6a1c4720459e8de4	2024-09-12
https://git.kernel.org/stable/c/438d522227374042b5c8798f8ce83bbe479dca4d	2024-09-12
https://git.kernel.org/stable/c/b82d4d5c736f4fd2ed224c35f554f50d1953d21e	2024-09-12
https://git.kernel.org/stable/c/bfc44075b19740d372f989f21dd03168bfda0689	2024-09-12
https://git.kernel.org/stable/c/335e35b748527f0c06ded9eebb65387f60647fda	2024-07-04

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 4.19.322 Search vendor "Linux" for product "Linux Kernel" and version " < 4.19.322"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.4.284 Search vendor "Linux" for product "Linux Kernel" and version " < 5.4.284"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.10.226 Search vendor "Linux" for product "Linux Kernel" and version " < 5.10.226"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.15.167 Search vendor "Linux" for product "Linux Kernel" and version " < 5.15.167"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.1.110 Search vendor "Linux" for product "Linux Kernel" and version " < 6.1.110"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.6.51 Search vendor "Linux" for product "Linux Kernel" and version " < 6.6.51"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.10.10 Search vendor "Linux" for product "Linux Kernel" and version " < 6.10.10"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.11 Search vendor "Linux" for product "Linux Kernel" and version " < 6.11"		en		Affected