PT-2024-32177 · Linux+4 · Linux Kernel+4
Al Viro · Published 2024-06-18 · Updated 2026-05-26 · CVE-2024-46762
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.52
Description
The issue is in the Linux kernel, specifically the xen: privcmd component. Simultaneous ioctl calls to privcmd_irqfd_assign() and privcmd_irqfd_deassign() make it possible to access a freed kirqfd instance. A kirqfd created by privcmd_irqfd_assign() may be removed by another thread executing privcmd_irqfd_deassign() while it is still in use, so that an already freed kirqfd instance is accessed and causes a kernel oops. The fix uses SRCU locking, similar to the KVM implementation for irqfds.
Recommendations
To resolve the issue, update the Linux kernel to version 6.6.52 or later.
As a temporary workaround, consider disabling the privcmd_irqfd_assign() and privcmd_irqfd_deassign() functions until a patch is available.
Restrict access to the irqfds list to minimize the risk of exploitation.
Avoid using the irqfds list in the affected API endpoints until the issue is resolved.
Exploit
Fix
Use After Free
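The lifetime rule that the description attributes to the fix can be modelled in userspace. This is an added example, not the kernel patch or any code from the project: a reader count stands in for an SRCU read-side section, and deassign unlinks the entry but defers the free until no reader remains. The `model_*` names, the `retired` list and the single-threaded interleaving are assumptions made for the illustration.

```c
/* Single-threaded userspace model, not kernel code; names are hypothetical. */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

struct kirqfd { int fd; struct kirqfd *next; };
static struct kirqfd *irqfds, *retired; /* published list; unlinked, not yet freed */
static int readers, freed;              /* open read sections (SRCU stand-in); frees done */

static void reclaim(void) {             /* free only when no reader is active */
    while (readers == 0 && retired) {
        struct kirqfd *k = retired;
        retired = k->next;
        free(k);
        freed++;
    }
}

void model_read_lock(void)   { readers++; }
void model_read_unlock(void) { readers--; reclaim(); }

struct kirqfd *model_assign(int fd) {   /* models privcmd_irqfd_assign() */
    struct kirqfd *k = malloc(sizeof(*k));
    if (!k) return NULL;
    *k = (struct kirqfd){ .fd = fd, .next = irqfds };
    irqfds = k;
    return k;
}

bool model_deassign(int fd) {           /* models privcmd_irqfd_deassign() */
    struct kirqfd **pp = &irqfds;
    while (*pp && (*pp)->fd != fd) pp = &(*pp)->next;
    if (!*pp) return false;
    struct kirqfd *k = *pp;
    *pp = k->next;                      /* unlink: new lookups cannot find it */
    k->next = retired;                  /* park it instead of freeing at once */
    retired = k;
    reclaim();
    return true;
}

int main(void) {
    model_read_lock();                  /* "thread A" is still inside assign */
    struct kirqfd *k = model_assign(7);
    if (!k || !model_deassign(7)) return 1; /* "thread B" deassigns fd 7 */
    printf("held: fd=%d freed=%d\n", k->fd, freed);
    model_read_unlock();                /* last reader leaves, entry released */
    printf("done: freed=%d\n", freed);
    return 0;
}
```

Without the reader count, `model_deassign()` would free the entry while the assign path still holds a pointer to it, which is the condition the description reports.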
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Debian
Linuxmint
Linux Kernel
Ubuntu