CVE-2024-46789: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

mm/slub: add check for s->flags in the alloc_tagging_slab_free_hook

When CONFIG_MEMCG & CONFIG_KFENCE & CONFIG_KMEMLEAK are enabled, the following warning always occurs. This is because the following call stack occurred:

mem_pool_alloc
kmem_cache_alloc_noprof
slab_alloc_node
kfence_alloc

Once the kfence allocation is successful, slab->obj_exts will not be empty, because it has already been assigned a value in kfence_init_pool.

Since in the prepare_slab_obj_exts_hook function, we perform a check for s->flags & (SLAB_NO_OBJ_EXT | SLAB_NOLEAKTRACE), the alloc_tag_add function will not be called as a result. Therefore, ref->ct remains NULL.

However, when we call mem_pool_free, since obj_ext is not empty, it eventually leads to the alloc_tag_sub scenario being invoked. This is where the warning occurs.

So we should add corresponding checks in the alloc_tagging_slab_free_hook. For __GFP_NO_OBJ_EXT case, I didn't see the specific case where it's using kfence, so I won't add the corresponding check in alloc_tagging_slab_free_hook for now.
[ 3.734349] ------------[ cut here ]------------
[ 3.734807] alloc_tag was not set
[ 3.735129] WARNING: CPU: 4 PID: 40 at ./include/linux/alloc_tag.h:130 kmem_cache_free+0x444/0x574
[ 3.735866] Modules linked in: autofs4
[ 3.736211] CPU: 4 UID: 0 PID: 40 Comm: ksoftirqd/4 Tainted: G W 6.11.0-rc3-dirty #1
[ 3.736969] Tainted: [W]=WARN
[ 3.737258] Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022
[ 3.737875] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 3.738501] pc : kmem_cache_free+0x444/0x574
[ 3.738951] lr : kmem_cache_free+0x444/0x574
[ 3.739361] sp : ffff80008357bb60
[ 3.739693] x29: ffff80008357bb70 x28: 0000000000000000 x27: 0000000000000000
[ 3.740338] x26: ffff80008207f000 x25: ffff000b2eb2fd60 x24: ffff0000c0005700
[ 3.740982] x23: ffff8000804229e4 x22: ffff800082080000 x21: ffff800081756000
[ 3.741630] x20: fffffd7ff8253360 x19: 00000000000000a8 x18: ffffffffffffffff
[ 3.742274] x17: ffff800ab327f000 x16: ffff800083398000 x15: ffff800081756df0
[ 3.742919] x14: 0000000000000000 x13: 205d344320202020 x12: 5b5d373038343337
[ 3.743560] x11: ffff80008357b650 x10: 000000000000005d x9 : 00000000ffffffd0
[ 3.744231] x8 : 7f7f7f7f7f7f7f7f x7 : ffff80008237bad0 x6 : c0000000ffff7fff
[ 3.744907] x5 : ffff80008237ba78 x4 : ffff8000820bbad0 x3 : 0000000000000001
[ 3.745580] x2 : 68d66547c09f7800 x1 : 68d66547c09f7800 x0 : 0000000000000000
[ 3.746255] Call trace:
[ 3.746530] kmem_cache_free+0x444/0x574
[ 3.746931] mem_pool_free+0x44/0xf4
[ 3.747306] free_object_rcu+0xc8/0xdc
[ 3.747693] rcu_do_batch+0x234/0x8a4
[ 3.748075] rcu_core+0x230/0x3e4
[ 3.748424] rcu_core_si+0x14/0x1c
[ 3.748780] handle_softirqs+0x134/0x378
[ 3.749189] run_ksoftirqd+0x70/0x9c
[ 3.749560] smpboot_thread_fn+0x148/0x22c
[ 3.749978] kthread+0x10c/0x118
[ 3.750323] ret_from_fork+0x10/0x20
[ 3.750696] ---[ end trace 0000000000000000 ]---
AI Analysis
Technical Summary
CVE-2024-46789 is a flaw in the Linux kernel's memory management subsystem, in the allocation-tagging hooks of the SLUB slab allocator. It appears when the kernel is compiled with CONFIG_MEMCG (memory control groups), CONFIG_KFENCE (Kernel Electric Fence), and CONFIG_KMEMLEAK (kernel memory leak detector) enabled simultaneously.

The problem is an asymmetry between the allocation and free paths in how slab object extensions (obj_exts) are handled. When a kfence allocation succeeds, the slab's obj_exts field is non-empty because it is initialized during kfence pool setup. On the allocation side, prepare_slab_obj_exts_hook checks s->flags & (SLAB_NO_OBJ_EXT | SLAB_NOLEAKTRACE), so alloc_tag_add is not called for such caches and the object's tag reference (ref->ct) remains NULL. alloc_tagging_slab_free_hook had no matching check: when mem_pool_free is later invoked, the presence of obj_exts leads to alloc_tag_sub, which expects the tag to be set. Since it is not, the kernel emits the warning "alloc_tag was not set", indicating an inconsistency between the tagging and freeing logic. The accompanying stack trace points to kmem_cache_free, reached from mem_pool_free, which places the problem in slab free operations.

This flaw does not appear to be exploitable for privilege escalation or arbitrary code execution but can lead to kernel warnings and potential instability or denial of service due to unexpected kernel behavior. The patch adds the corresponding s->flags check to alloc_tagging_slab_free_hook. The vulnerability is specific to certain kernel configurations and versions, and no known exploits are reported in the wild as of the publication date.
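The alloc/free asymmetry described above, reduced to a user-space C model. This is an added example, not the kernel's code or the upstream patch: the struct layouts, the flag bit values, and the names alloc_hook, free_hook and run_case are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Placeholder bit values for this model; not the kernel's definitions. */
#define SLAB_NO_OBJ_EXT  0x1u
#define SLAB_NOLEAKTRACE 0x2u
#define SKIP_TAGGING     (SLAB_NO_OBJ_EXT | SLAB_NOLEAKTRACE)

struct codetag { long live; };               /* live objects for one call site */
struct slabobj_ext { struct codetag *ct; };  /* models ref->ct */
struct kmem_cache { unsigned int flags; };
struct slab { struct slabobj_ext *obj_exts; };

/* Allocation side: caches carrying either flag are never tagged. */
static void alloc_hook(struct kmem_cache *s, struct slab *slab, struct codetag *tag)
{
    if ((s->flags & SKIP_TAGGING) || !slab->obj_exts)
        return;                              /* ref->ct stays NULL */
    slab->obj_exts[0].ct = tag;              /* models alloc_tag_add() */
    tag->live++;
}

/* Free side: 'patched' adds the same s->flags check the alloc side has. */
static int free_hook(struct kmem_cache *s, struct slab *slab, bool patched)
{
    if ((patched && (s->flags & SKIP_TAGGING)) || !slab->obj_exts)
        return 0;
    struct codetag *ct = slab->obj_exts[0].ct;
    if (!ct)
        return 1;                            /* models "alloc_tag was not set" */
    ct->live--;                              /* models alloc_tag_sub() */
    return 0;
}

/* One alloc/free pair on a slab whose obj_exts already exists; 1 = warning. */
int run_case(unsigned int cache_flags, bool patched)
{
    struct slabobj_ext ext = { NULL };
    struct slab slab = { &ext };             /* populated, as after kfence pool setup */
    struct kmem_cache s = { cache_flags };
    struct codetag tag = { 0 };
    alloc_hook(&s, &slab, &tag);
    return free_hook(&s, &slab, patched);
}

int main(void)
{
    printf("unpatched: %d, patched: %d\n", run_case(SLAB_NOLEAKTRACE, false), run_case(SLAB_NOLEAKTRACE, true));
    return 0;
}
```

A cache without either flag is tagged on allocation and untagged on free in both variants, so the added check only changes behaviour for caches the allocation side already skips.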
Potential Impact
For European organizations, the impact of CVE-2024-46789 is primarily related to system stability and reliability rather than direct compromise or data breach. Systems running Linux kernels compiled with the affected configurations (CONFIG_MEMCG, CONFIG_KFENCE, CONFIG_KMEMLEAK) may experience kernel warnings and potential crashes or hangs during memory deallocation in slab allocators. This can affect servers, virtual machines, and embedded devices relying on these kernel features for memory debugging and leak detection. Organizations using such kernels in production environments, especially those with high availability requirements, could face service interruptions or degraded performance. Although no direct exploitation for privilege escalation is known, the kernel warnings and potential instability could be leveraged by attackers to cause denial of service conditions. This is particularly relevant for cloud providers, data centers, and critical infrastructure operators in Europe that use Linux extensively. The vulnerability also affects development and testing environments where these kernel debugging features are enabled, potentially impacting software quality assurance processes.
Mitigation Recommendations
European organizations should take the following specific mitigation steps:
1) Identify Linux systems running kernels with CONFIG_MEMCG, CONFIG_KFENCE, and CONFIG_KMEMLEAK enabled, especially those in production or critical environments.
2) Apply the official Linux kernel patches that address CVE-2024-46789 as soon as they become available from trusted sources or Linux distribution vendors.
3) If immediate patching is not feasible, consider disabling one or more of the involved kernel features (KFENCE or KMEMLEAK) temporarily to avoid triggering the vulnerability, balancing this against the loss of debugging capabilities.
4) Monitor kernel logs for the specific warning message "alloc_tag was not set" or related stack traces to detect if the issue is occurring in deployed systems.
5) For virtualized environments, ensure hypervisor and guest kernel versions are updated to avoid cascading instability.
6) Incorporate this vulnerability into vulnerability management and patching workflows, prioritizing systems where memory debugging features are enabled.
7) Engage with Linux distribution security advisories and subscribe to relevant mailing lists to receive timely updates on patches and mitigations.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Poland, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-09-11T15:12:18.278Z
- Cisa Enriched: true
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9827c4522896dcbe12f2
Added to database: 5/21/2025, 9:08:55 AM
Last enriched: 6/29/2025, 1:54:47 AM
Last updated: 8/7/2025, 10:17:05 AM