CVE-2024-46799 is a vulnerability identified in the Linux kernel's network subsystem, specifically affecting the Ethernet driver for Texas Instruments AM65 CPSW (am65-cpsw) hardware. The issue arises when the number of transmit (TX) queues is configured to one, leading to a NULL pointer dereference during XDP_TX operations. XDP (eXpress Data Path) is a high-performance packet processing framework in the Linux kernel that allows for fast packet processing at the driver level. The vulnerability occurs because the driver incorrectly uses the maximum number of TX queues instead of the actual configured number when selecting the TX channel in the function am65_cpsw_ndo_xdp_xmit(). This mismatch causes the driver to attempt to access a NULL pointer, resulting in a kernel crash (NULL pointer dereference). The problem can be reproduced by setting the TX queue count to one using ethtool and then running an XDP traffic generator targeting the affected interface, which triggers the kernel panic. This vulnerability has been addressed by correcting the logic to use the actual number of TX queues rather than the maximum, preventing the NULL pointer dereference. There are no known exploits in the wild at the time of publication, and no CVSS score has been assigned yet. The vulnerability affects Linux kernel versions containing the specified commit hashes and is relevant to systems using the TI AM65 CPSW Ethernet driver with XDP enabled and configured with a single TX queue.

For European organizations, the impact of CVE-2024-46799 primarily concerns systems running Linux kernels with the affected TI AM65 CPSW Ethernet driver, particularly those utilizing XDP for high-performance packet processing. The vulnerability can cause a kernel crash due to a NULL pointer dereference, leading to denial of service (DoS) conditions on affected network interfaces. This can disrupt network connectivity, degrade service availability, and potentially impact critical infrastructure relying on real-time or high-throughput networking. While the vulnerability does not directly lead to privilege escalation or remote code execution, the resulting DoS can affect operational continuity, especially in environments such as telecommunications, industrial control systems, or data centers where TI AM65 hardware is deployed. Since the exploit requires specific hardware and configuration (XDP enabled with a single TX queue), the scope is somewhat limited but still significant for affected deployments. The absence of known exploits reduces immediate risk, but unpatched systems remain vulnerable to potential future exploitation or accidental crashes triggered by malformed traffic or misconfiguration.

European organizations should apply the official Linux kernel patches that correct the TX queue handling in the am65-cpsw driver as soon as they become available. Until patches are applied, administrators should avoid configuring the TX queue count to one on interfaces using the affected driver and XDP. Network administrators should audit their Linux systems to identify the presence of TI AM65 CPSW hardware and verify kernel versions and driver configurations. Disabling XDP on affected interfaces or increasing the number of TX queues beyond one can serve as temporary mitigations. Additionally, monitoring kernel logs for NULL pointer dereference messages related to am65-cpsw can help detect attempted exploitation or accidental triggers. Organizations should also ensure robust network segmentation and traffic filtering to limit exposure of vulnerable interfaces to untrusted or external traffic sources. Regularly updating Linux kernel versions and maintaining a proactive patch management process will help mitigate this and similar vulnerabilities.