CVE-2024-46784

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.52

Description The issue is related to the net: mana module in the Linux kernel, where the napi disable() function gets called during rxq and txq cleanup before napi is enabled and hrtimer is initialized, causing a kernel panic. The panic occurs due to the incorrect handling of the napi disable() call, which leads to a crash when trying to cancel the hrtimer. Technical details about the issue include the involvement of functions such as page fault oops(), page counter cancel(), do user addr fault(), and hrtimer try to cancel().

Recommendations To resolve the issue, update the Linux kernel to version 6.6.52 or later. As a temporary workaround, consider disabling the mana create txq/rxq functionality until a patch is available. Restrict access to the vulnerable net: mana module to minimize the risk of exploitation. Avoid using the napi disable() function in the affected API endpoints until the issue is resolved.