PT-2024-6945 · Linux+5 · Linux Kernel+5

Tomas Glozar · Published 2024-09-05 · Updated 2025-03-27 · CVE-2024-46788

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.6.52

Description

The vulnerability is related to the tracing/osnoise component in the Linux kernel. It occurs when the start_kthread() and stop_thread() code is not always called with the interface_lock held, allowing the kthread variable to be unexpectedly changed. This can cause the kthread_stop() function to be called on a user space thread, making it "exit" before it actually exits. The issue can lead to a general protection fault and a null pointer dereference.

Recommendations

To resolve the issue, update the Linux kernel to version 6.6.52 or later. If updating is not possible, consider temporarily disabling the tracing/osnoise component to minimize the risk of exploitation. However, this is not a recommended long-term solution, as it may affect system functionality.
Note: At the moment, there is no other information about a fix for this vulnerability.

Exploit

Fix

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

BDU:2024-08187
CVE-2024-46788
MGASA-2024-0316
MGASA-2024-0318
OESA-2024-2219
OPENSUSE-SU-2024_4314-1
OPENSUSE-SU-2024_4316-1
SUSE-SU-2024:4314-1
SUSE-SU-2024:4316-1
SUSE-SU-2024:4318-1
SUSE-SU-2024:4387-1
SUSE-SU-2025:20163-1
SUSE-SU-2025:20164-1
SUSE-SU-2025:20246-1
SUSE-SU-2025:20247-1
USN-7154-1
USN-7154-2
USN-7155-1
USN-7156-1
USN-7196-1

Affected Products

Astra Linux
Linux Mint
Linux Kernel
RED OS
SUSE
Ubuntu