CVE-2024-46766: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

ice: move netif_queue_set_napi to rtnl-protected sections

Currently, netif_queue_set_napi() is called from ice_vsi_rebuild() that is not rtnl-locked when called from the reset. This creates the need to take the rtnl_lock just for a single function and complicates the synchronization with .ndo_bpf. At the same time, there is no actual need to fill napi-to-queue information at this exact point.

Fill napi-to-queue information when opening the VSI and clear it when the VSI is being closed. Those routines are already rtnl-locked.

Also, rewrite napi-to-queue assignment in a way that prevents inclusion of XDP queues, as this leads to out-of-bounds writes, such as the one below.

[ +0.000004] BUG: KASAN: slab-out-of-bounds in netif_queue_set_napi+0x1c2/0x1e0
[ +0.000012] Write of size 8 at addr ffff889881727c80 by task bash/7047
[ +0.000006] CPU: 24 PID: 7047 Comm: bash Not tainted 6.10.0-rc2+ #2
[ +0.000004] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0014.082620210524 08/26/2021
[ +0.000003] Call Trace:
[ +0.000003] <TASK>
[ +0.000002] dump_stack_lvl+0x60/0x80
[ +0.000007] print_report+0xce/0x630
[ +0.000007] ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[ +0.000007] ? __virt_addr_valid+0x1c9/0x2c0
[ +0.000005] ? netif_queue_set_napi+0x1c2/0x1e0
[ +0.000003] kasan_report+0xe9/0x120
[ +0.000004] ? netif_queue_set_napi+0x1c2/0x1e0
[ +0.000004] netif_queue_set_napi+0x1c2/0x1e0
[ +0.000005] ice_vsi_close+0x161/0x670 [ice]
[ +0.000114] ice_dis_vsi+0x22f/0x270 [ice]
[ +0.000095] ice_pf_dis_all_vsi.constprop.0+0xae/0x1c0 [ice]
[ +0.000086] ice_prepare_for_reset+0x299/0x750 [ice]
[ +0.000087] pci_dev_save_and_disable+0x82/0xd0
[ +0.000006] pci_reset_function+0x12d/0x230
[ +0.000004] reset_store+0xa0/0x100
[ +0.000006] ? __pfx_reset_store+0x10/0x10
[ +0.000002] ? __pfx_mutex_lock+0x10/0x10
[ +0.000004] ? __check_object_size+0x4c1/0x640
[ +0.000007] kernfs_fop_write_iter+0x30b/0x4a0
[ +0.000006] vfs_write+0x5d6/0xdf0
[ +0.000005] ? fd_install+0x180/0x350
[ +0.000005] ? __pfx_vfs_write+0x10/0xA10
[ +0.000004] ? do_fcntl+0x52c/0xcd0
[ +0.000004] ? kasan_save_track+0x13/0x60
[ +0.000003] ? kasan_save_free_info+0x37/0x60
[ +0.000006] ksys_write+0xfa/0x1d0
[ +0.000003] ? __pfx_ksys_write+0x10/0x10
[ +0.000002] ? __x64_sys_fcntl+0x121/0x180
[ +0.000004] ? _raw_spin_lock+0x87/0xe0
[ +0.000005] do_syscall_64+0x80/0x170
[ +0.000007] ? _raw_spin_lock+0x87/0xe0
[ +0.000004] ? __pfx__raw_spin_lock+0x10/0x10
[ +0.000003] ? file_close_fd_locked+0x167/0x230
[ +0.000005] ? syscall_exit_to_user_mode+0x7d/0x220
[ +0.000005] ? do_syscall_64+0x8c/0x170
[ +0.000004] ? do_syscall_64+0x8c/0x170
[ +0.000003] ? do_syscall_64+0x8c/0x170
[ +0.000003] ? fput+0x1a/0x2c0
[ +0.000004] ? filp_close+0x19/0x30
[ +0.000004] ? do_dup2+0x25a/0x4c0
[ +0.000004] ? __x64_sys_dup2+0x6e/0x2e0
[ +0.000002] ? syscall_exit_to_user_mode+0x7d/0x220
[ +0.000004] ? do_syscall_64+0x8c/0x170
[ +0.000003] ? __count_memcg_events+0x113/0x380
[ +0.000005] ? handle_mm_fault+0x136/0x820
[ +0.000005] ? do_user_addr_fault+0x444/0xa80
[ +0.000004] ? clear_bhb_loop+0x25/0x80
[ +0.000004] ? clear_bhb_loop+0x25/0x80
[ +0.000002] entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ +0.000005] RIP: 0033:0x7f2033593154
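The commit text says that offering XDP queues to netif_queue_set_napi() produces an out-of-bounds write and that the fix rewrites the assignment so those queues are excluded. The following is an added, user-space model of that bug class; it is not kernel code and not the ice driver's own routine. It assumes a simplified layout: the netdev owns a per-queue table sized to its real Tx queue count, the driver keeps extra XDP Tx rings whose queue index lies past that count, and the store is a single pointer (matching the "Write of size 8" in the KASAN report). The pre-fix walk is modelled as a count of indices that would land outside the table (nothing is written out of bounds), and the post-fix walk covers only the VSI's regular rings with an explicit bounds check.

```c
/* Added example, not kernel code: model of the queue-to-NAPI assignment
 * with and without the XDP exclusion described in the commit message.
 * Layout and names are assumptions chosen for illustration. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NUM_TX_QUEUES 4   /* analogue of the netdev's real Tx queue count */
#define NUM_XDP_RINGS 4   /* extra XDP Tx rings kept by the driver (assumed) */

struct napi { int id; };
struct queue_slot { struct napi *napi; };

struct model_netdev {
    size_t num_tx_queues;
    struct queue_slot tx[NUM_TX_QUEUES];   /* per-queue table, dev->_tx[] analogue */
};

struct ring { size_t q_index; bool is_xdp; };

struct model_vsi {
    size_t num_txq;                        /* number of regular Tx rings */
    struct ring tx_rings[NUM_TX_QUEUES];
    struct ring xdp_rings[NUM_XDP_RINGS];  /* indices start after the regular ones */
};

/* Hardened per-queue store: refuses any index outside dev->tx[]. */
bool queue_set_napi_checked(struct model_netdev *dev, size_t q_index, struct napi *napi)
{
    if (q_index >= dev->num_tx_queues)
        return false;                      /* this would be the out-of-bounds write */
    dev->tx[q_index].napi = napi;
    return true;
}

/* Pre-fix pattern: the ring list handed to the assignment mixes regular and
 * XDP rings. Count the stores that would land outside dev->tx[]; the model
 * only counts, it never performs the bad write. */
size_t count_unsafe_assignments(const struct model_vsi *vsi, const struct model_netdev *dev)
{
    size_t unsafe = 0;
    for (size_t i = 0; i < vsi->num_txq; i++)
        if (vsi->tx_rings[i].q_index >= dev->num_tx_queues) unsafe++;
    for (size_t i = 0; i < NUM_XDP_RINGS; i++)
        if (vsi->xdp_rings[i].q_index >= dev->num_tx_queues) unsafe++;
    return unsafe;
}

/* Post-fix pattern: walk only the VSI's regular Tx rings, so XDP rings are
 * never offered to the queue table; returns the number of queues mapped. */
size_t vsi_set_napi_queues(struct model_vsi *vsi, struct model_netdev *dev, struct napi *napi)
{
    size_t mapped = 0;
    for (size_t i = 0; i < vsi->num_txq; i++)
        if (queue_set_napi_checked(dev, vsi->tx_rings[i].q_index, napi)) mapped++;
    return mapped;
}

/* Constructed topology: regular Tx queues 0..3, XDP rings 4..7 (assumed). */
void build_model(struct model_vsi *vsi, struct model_netdev *dev)
{
    memset(dev, 0, sizeof(*dev));
    memset(vsi, 0, sizeof(*vsi));
    dev->num_tx_queues = NUM_TX_QUEUES;
    vsi->num_txq = NUM_TX_QUEUES;
    for (size_t i = 0; i < NUM_TX_QUEUES; i++)
        vsi->tx_rings[i] = (struct ring){ .q_index = i, .is_xdp = false };
    for (size_t i = 0; i < NUM_XDP_RINGS; i++)
        vsi->xdp_rings[i] = (struct ring){ .q_index = NUM_TX_QUEUES + i, .is_xdp = true };
}

int main(void)
{
    struct model_vsi vsi;
    struct model_netdev dev;
    struct napi napi = { .id = 1 };

    build_model(&vsi, &dev);
    printf("stores that would overrun the queue table (pre-fix walk): %zu\n",
           count_unsafe_assignments(&vsi, &dev));
    printf("queues mapped by the hardened walk: %zu\n",
           vsi_set_napi_queues(&vsi, &dev, &napi));
    return 0;
}
```

The point of the model is that the XDP rings are legitimate driver objects, so nothing about them looks wrong in isolation; the defect is in which list the assignment iterates. Bounding the store against the table size catches the mistake even if a future caller passes the wider list again.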
AI Analysis
Technical Summary
CVE-2024-46766 is a vulnerability in the Linux kernel's ice network driver, the driver for Intel Ethernet adapters. Two issues are involved. First, netif_queue_set_napi() was called from ice_vsi_rebuild(), which does not hold rtnl_lock (the lock that serializes network device configuration) when it runs as part of a reset; the update was therefore unsynchronized against concurrent network-device operations such as .ndo_bpf, and protecting it required taking the lock for that single call. Second, the napi-to-queue assignment included the driver's XDP (eXpress Data Path) queues, which leads to out-of-bounds writes and kernel memory corruption. The Kernel Address Sanitizer (KASAN) report quoted above shows this: an 8-byte slab-out-of-bounds write in netif_queue_set_napi(), reached through ice_vsi_close() and ice_prepare_for_reset() after a user-space bash process wrote to the device's reset attribute (reset_store, pci_reset_function). The fix moves the napi-to-queue assignment into the VSI open and close routines, which are already rtnl-locked, and rewrites the assignment so that XDP queues are excluded. The vulnerability affects Linux kernel versions containing the specified commit hashes and is relevant to systems using the Intel ice driver, commonly found in server-grade Intel Ethernet adapters. No known exploits are reported in the wild at this time, and no CVSS score has been assigned yet.
Potential Impact
For European organizations, this vulnerability poses a significant risk primarily to data center and enterprise environments running Linux servers with Intel ice network adapters. The out-of-bounds write can lead to kernel memory corruption, potentially causing system crashes (denial of service), data integrity issues, or enabling privilege escalation if exploited in conjunction with other vulnerabilities. This could disrupt critical services, including cloud infrastructure, telecommunications, and financial systems that rely heavily on Linux servers. Given the prevalence of Linux in European public and private sectors, especially in industries like finance, manufacturing, and government, exploitation could result in operational downtime and compromise of sensitive data. Although no active exploits are known, the vulnerability's presence in kernel network drivers makes it an attractive target for attackers aiming to disrupt network operations or gain elevated privileges on affected hosts.
Mitigation Recommendations
European organizations should prioritize updating their Linux kernel to versions that include the patch for CVE-2024-46766 as soon as it becomes available. Until patches are applied, administrators should monitor network device resets and kernel logs for signs of KASAN slab-out-of-bounds errors or unusual crashes related to the ice driver. Limiting untrusted user access to systems with affected kernels can reduce exploitation risk, as the vulnerability involves kernel memory corruption triggered by user-space processes. Additionally, organizations should audit their use of XDP features in network configurations, as improper handling of XDP queues contributed to the vulnerability. Employing kernel live patching solutions where feasible can help mitigate risk without requiring full system reboots. Network segmentation and strict access controls around critical Linux servers can further reduce the attack surface. Finally, maintain up-to-date intrusion detection systems capable of recognizing anomalous kernel behavior or crashes related to network drivers.
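The recommendation above to watch kernel logs for KASAN slab-out-of-bounds reports tied to the ice driver can be turned into a small triage routine. The following is an added example, not code from the page, the kernel or any monitoring product. It scans dmesg-style lines, starts a record at each "BUG: KASAN:" header, and tags the record when a frame from the ice module or ice_prepare_for_reset appears in the call trace before the register dump ends it. The sample lines are constructed: the first report is shortened from the trace quoted on this page, the second is an invented unrelated report so the filter has something to ignore.

```c
/* Added example: triage of KASAN reports in dmesg-style output, looking for
 * the ice driver signature shown on this page. Not kernel code. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_REPORTS 8

struct kasan_report {
    char kind[32];       /* e.g. "slab-out-of-bounds" */
    bool ice_frame;      /* a "[ice]" module frame appeared in the call trace */
    bool in_reset_path;  /* ice_prepare_for_reset appeared in the call trace */
};

/* Walk the lines; fills out[] and returns the number of KASAN reports found. */
size_t triage_kasan(const char *const *lines, size_t n, struct kasan_report *out, size_t max)
{
    size_t count = 0;
    struct kasan_report *cur = NULL;

    for (size_t i = 0; i < n; i++) {
        const char *bug = strstr(lines[i], "BUG: KASAN: ");
        if (bug) {
            if (count == max)
                break;
            cur = &out[count++];
            memset(cur, 0, sizeof(*cur));
            bug += strlen("BUG: KASAN: ");
            size_t len = strcspn(bug, " ");           /* kind ends at " in " */
            if (len >= sizeof(cur->kind))
                len = sizeof(cur->kind) - 1;
            memcpy(cur->kind, bug, len);
            cur->kind[len] = '\0';
            continue;
        }
        if (!cur)
            continue;
        if (strstr(lines[i], "RIP: ")) {              /* register dump ends the trace */
            cur = NULL;
            continue;
        }
        if (strstr(lines[i], "[ice]"))
            cur->ice_frame = true;
        if (strstr(lines[i], "ice_prepare_for_reset"))
            cur->in_reset_path = true;
    }
    return count;
}

/* Constructed sample log: frames taken from the report quoted on this page,
 * followed by an invented unrelated report. */
static const char *const sample_log[] = {
    "[ +0.000004] BUG: KASAN: slab-out-of-bounds in netif_queue_set_napi+0x1c2/0x1e0",
    "[ +0.000012] Write of size 8 at addr ffff889881727c80 by task bash/7047",
    "[ +0.000003] Call Trace:",
    "[ +0.000004] netif_queue_set_napi+0x1c2/0x1e0",
    "[ +0.000005] ice_vsi_close+0x161/0x670 [ice]",
    "[ +0.000086] ice_prepare_for_reset+0x299/0x750 [ice]",
    "[ +0.000004] reset_store+0xa0/0x100",
    "[ +0.000005] RIP: 0033:0x7f2033593154",
    "[ +0.000001] BUG: KASAN: use-after-free in some_other_fn+0x10/0x20",  /* invented */
    "[ +0.000002] Call Trace:",
    "[ +0.000003] some_other_fn+0x10/0x20",
    "[ +0.000004] RIP: 0033:0x7f2033593154",
};

/* Number of reports matching the ice slab-out-of-bounds signature. */
size_t count_ice_kasan_reports(const char *const *lines, size_t n)
{
    struct kasan_report reports[MAX_REPORTS];
    size_t found = triage_kasan(lines, n, reports, MAX_REPORTS);
    size_t hits = 0;

    for (size_t i = 0; i < found; i++)
        if (reports[i].ice_frame && strcmp(reports[i].kind, "slab-out-of-bounds") == 0)
            hits++;
    return hits;
}

int main(void)
{
    size_t n = sizeof(sample_log) / sizeof(sample_log[0]);
    printf("ice-related KASAN slab-out-of-bounds reports: %zu\n",
           count_ice_kasan_reports(sample_log, n));
    return 0;
}
```

The in_reset_path flag matters for the "monitor network device resets" advice: the report on this page was reached through a PCI function reset, so a hit that carries that flag points at reset activity on the host rather than at ordinary traffic handling. KASAN only exists on kernels built with it, so on production hosts the same scan should also accept plain "BUG:" or "general protection fault" lines with ice frames.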
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-09-11T15:12:18.273Z
- Cisa Enriched: true
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9826c4522896dcbe1232
Added to database: 5/21/2025, 9:08:54 AM
Last enriched: 6/29/2025, 1:25:49 AM
Last updated: 7/30/2025, 2:42:53 AM
Views: 14
Related Threats
- CVE-2025-9025: SQL Injection in code-projects Simple Cafe Ordering System (Medium)
- CVE-2025-9024: SQL Injection in PHPGurukul Beauty Parlour Management System (Medium)
- CVE-2025-9023: Buffer Overflow in Tenda AC7 (High)
- CVE-2025-8905: CWE-94 Improper Control of Generation of Code ('Code Injection') in inpersttion Inpersttion For Theme (Medium)
- CVE-2025-8720: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in morehawes Plugin README Parser (Medium)