
CVE-2024-46847: Vulnerability in Linux kernel (Vendor: Linux, Product: Linux)

High
Published: Fri Sep 27 2024 (09/27/2024, 12:39:39 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

mm: vmalloc: ensure vmap_block is initialised before adding to queue

Commit 8c61291fd850 ("mm: fix incorrect vbq reference in purge_fragmented_block") extended the 'vmap_block' structure to contain a 'cpu' field which is set at allocation time to the id of the initialising CPU.

When a new 'vmap_block' is being instantiated by new_vmap_block(), the partially initialised structure is added to the local 'vmap_block_queue' xarray before the 'cpu' field has been initialised. If another CPU is concurrently walking the xarray (e.g. via vm_unmap_aliases()), then it may perform an out-of-bounds access to the remote queue thanks to an uninitialised index.

This has been observed as UBSAN errors in Android:

| Internal error: UBSAN: array index out of bounds: 00000000f2005512 [#1] PREEMPT SMP
|
| Call trace:
| purge_fragmented_block+0x204/0x21c
| _vm_unmap_aliases+0x170/0x378
| vm_unmap_aliases+0x1c/0x28
| change_memory_common+0x1dc/0x26c
| set_memory_ro+0x18/0x24
| module_enable_ro+0x98/0x238
| do_init_module+0x1b0/0x310

Move the initialisation of 'vb->cpu' in new_vmap_block() ahead of the addition to the xarray.

AI-Powered Analysis

Last updated: 06/27/2025, 21:25:35 UTC

Technical Analysis

CVE-2024-46847 is a vulnerability in the Linux kernel's memory management subsystem, specifically in the vmalloc area handling. The issue lies in the handling of the 'vmap_block' structure, which the kernel uses to manage virtual memory mappings, and is a race condition during the initialization of a new 'vmap_block' instance in new_vmap_block(). In that function, the partially initialized 'vmap_block' structure is added to a local queue (the vmap_block_queue xarray) before its 'cpu' field, which is meant to hold the ID of the CPU that initialized the block, has been set.

If another CPU concurrently traverses this queue (for example, during vm_unmap_aliases()), it may read the uninitialized 'cpu' field and use it as an array index, leading to an out-of-bounds access. This is undefined behavior and can result in memory corruption or a kernel crash. The issue has been observed as Undefined Behavior Sanitizer (UBSAN) errors on Android devices running affected Linux kernels.

The fix reorders the initialization sequence in new_vmap_block() so that the 'cpu' field is set before the structure is added to the queue, so a concurrent walker never sees uninitialized data. No known exploits are currently reported in the wild. The vulnerability affects Linux kernel versions identified by specific commit hashes prior to the patch. This flaw is a concurrency bug that can lead to stability issues and potential security risks if exploited, since it involves kernel memory management and cross-CPU interactions.
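The publish-before-initialise ordering described above, next to the reordering that fixes it, as a constructed single-threaded C model added here (not kernel code): the per-CPU xarray becomes a plain array, the concurrent walker is a hook called between two statements, and NR_CPUS, CPU_UNINIT and the function names are assumptions.

```c
/* Constructed model of the ordering bug, not kernel code. A block records the
 * CPU whose queue it belongs to, and a walker that finds the block uses
 * vb->cpu to index the per-CPU queue array, so an uninitialised cpu is an
 * out-of-bounds index (the UBSAN report quoted in the advisory). */
#define NR_CPUS 4
#define CPU_UNINIT (-1)   /* stands in for whatever an uninitialised field holds */

struct vmap_block { int cpu; };

static struct vmap_block *queue[NR_CPUS]; /* stands in for the per-CPU xarray */

/* Models another CPU running between two statements; returns how many
 * out-of-range indices that CPU would have used. */
typedef int (*concurrent_fn)(void);

/* Walker modelled on vm_unmap_aliases(): visits every queue and follows
 * vb->cpu to the remote queue, counting indices that are out of range. */
static int walk_all_queues(void) {
    int oob = 0;
    for (int i = 0; i < NR_CPUS; i++) {
        struct vmap_block *vb = queue[i];
        if (vb && (vb->cpu < 0 || vb->cpu >= NR_CPUS))
            oob++;            /* the real code would index queue[vb->cpu] here */
    }
    return oob;
}

/* Pre-fix ordering: the block is reachable before vb->cpu is initialised. */
static int new_vmap_block_before_fix(struct vmap_block *vb, int cpu,
                                     concurrent_fn other_cpu) {
    vb->cpu = CPU_UNINIT;     /* freshly allocated, cpu not yet set */
    queue[cpu] = vb;          /* published: other CPUs can see it now */
    int oob = other_cpu();    /* another CPU walks the queues here ... */
    vb->cpu = cpu;            /* ... so this comes too late for that walker */
    return oob;
}

/* Post-fix ordering: fully initialise, then publish. */
static int new_vmap_block_after_fix(struct vmap_block *vb, int cpu,
                                    concurrent_fn other_cpu) {
    vb->cpu = cpu;            /* set before the block is reachable */
    queue[cpu] = vb;
    return other_cpu();       /* the walker now sees a valid index */
}

/* Empties the queues so each scenario starts from a clean state. */
static void reset_queues(void) {
    for (int i = 0; i < NR_CPUS; i++) queue[i] = 0;
}
```

Running the pre-fix function with walk_all_queues as the hook reports one out-of-range index; the post-fix function reports none.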

Potential Impact

For European organizations, the impact of CVE-2024-46847 can be significant, especially for those relying on Linux-based infrastructure, including servers, embedded systems, and Android devices. The vulnerability can lead to kernel crashes or memory corruption, resulting in denial of service (DoS) conditions. While no direct remote code execution or privilege escalation has been reported, the instability caused by this bug can disrupt critical services, affecting availability. Organizations running multi-core or multi-CPU Linux systems are particularly at risk because the flaw is a concurrency bug between CPUs. This includes cloud service providers, telecom operators, and enterprises using Linux for virtualization or containerization. The vulnerability could also affect embedded Linux devices used in industrial control systems or IoT, potentially impacting operational technology environments. Given the kernel-level nature of the flaw, exploitation could undermine system integrity and reliability, leading to operational disruptions and increased maintenance costs. Although no active exploits are known, the presence of this bug in widely deployed Linux kernels calls for prompt attention to prevent future exploitation or accidental system failures.

Mitigation Recommendations

European organizations should apply the following specific mitigation steps:

1) Identify and inventory all Linux systems, including servers, workstations, embedded devices, and Android devices, to determine exposure.
2) Apply the official Linux kernel patches that reorder the initialization of the 'vmap_block' structure as soon as they become available from trusted sources or distribution vendors.
3) For systems where immediate patching is not feasible, consider temporarily disabling or limiting workloads that involve heavy vmalloc usage or frequent memory remapping to reduce concurrency risks.
4) Monitor kernel logs and system stability metrics for signs of memory corruption or crashes related to vmalloc operations.
5) Employ kernel hardening and runtime protections such as Kernel Address Sanitizer (KASAN) or other memory safety tools in development and testing environments to detect similar issues early.
6) Coordinate with device manufacturers and Linux distribution maintainers to ensure timely updates for embedded and Android devices.
7) Implement robust backup and recovery procedures to minimize downtime in case of crashes.
8) Educate system administrators about the concurrent nature of this bug to improve incident response readiness.


Technical Details

Data Version
5.1
Assigner Short Name
Linux
Date Reserved
2024-09-11T15:12:18.290Z
Cisa Enriched
true
Cvss Version
null
State
PUBLISHED

Threat ID: 682d9820c4522896dcbdce26

Added to database: 5/21/2025, 9:08:48 AM

Last enriched: 6/27/2025, 9:25:35 PM

Last updated: 8/13/2025, 5:49:26 PM

Views: 16
