PT-2024-6983 · Linux+6 · Linux Kernel+6

Xingyu Jin · Published 2024-09-09 · Updated 2025-09-29 · CVE-2024-46852

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)
Description

The issue is an off-by-one error in the CMA heap fault handler in the dma-buf: heaps component of the Linux kernel. This error allowed obtaining a mapping larger than the buffer size via mremap and bypassing the overflow check in dma_buf_mmap_internal. When such a mapping is used to fault past the end of the buffer, the CMA heap fault handler also checks the fault offset against the buffer size, but gets the boundary wrong by 1. The fix corrects the boundary check to prevent reading off the end of the pages array and inserting an arbitrary page in the mapping.
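The boundary error described above, as an added userspace C model (not kernel code and not the project's patch). All names are hypothetical, and the model assumes the faulty check accepts a fault offset equal to the page count; a sentinel slot stands in for whatever memory follows the pages array.

```c
#include <stddef.h>
#include <stdio.h>

#define FAULT_SIGBUS (-1)   /* model of the handler refusing the fault */
#define SENTINEL     0xBAD  /* constructed value placed just past the valid entries */

/* Hypothetical stand-in for a heap buffer: pages[] has pagecount valid entries. */
struct model_buffer {
    const int *pages;
    size_t pagecount;
};

typedef int (*fault_fn)(const struct model_buffer *, size_t);

/* Boundary wrong by one: pgoff == pagecount passes and indexes past the array. */
int fault_off_by_one(const struct model_buffer *b, size_t pgoff)
{
    if (pgoff > b->pagecount)
        return FAULT_SIGBUS;
    return b->pages[pgoff];
}

/* Corrected boundary: the last valid index is pagecount - 1. */
int fault_fixed(const struct model_buffer *b, size_t pgoff)
{
    if (pgoff >= b->pagecount)
        return FAULT_SIGBUS;
    return b->pages[pgoff];
}

/* Probe the offsets of a mapping larger than the buffer; return the first
 * offset beyond the buffer that the handler services, or -1 if none. */
long first_overrun(fault_fn handler, const struct model_buffer *b, size_t mapped_pages)
{
    for (size_t off = b->pagecount; off < mapped_pages; off++)
        if (handler(b, off) != FAULT_SIGBUS)
            return (long)off;
    return -1;
}

/* Constructed sample: 4 valid entries followed by the sentinel slot. */
static const int backing[5] = { 100, 101, 102, 103, SENTINEL };
static const struct model_buffer demo = { backing, 4 };

int main(void)
{
    printf("off-by-one handler overruns at offset %ld\n", first_overrun(fault_off_by_one, &demo, 6));
    printf("fixed handler overruns at offset %ld\n", first_overrun(fault_fixed, &demo, 6));
    return 0;
}
```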
Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

ALSA-2025_16880
ALT-PU-2024-13979
ALT-PU-2024-14046
ASB-A-363259128
AZL-49809
AZL-49837
BDU:2024-08232
CVE-2024-46852
DLA-4008-1
DSA-5782-1
OESA-2024-2219
OPENSUSE-SU-2024_3984-1
OPENSUSE-SU-2024_3986-1
SUSE-SU-2024:3984-1
SUSE-SU-2024:3986-1
SUSE-SU-2024:4318-1
SUSE-SU-2024:4387-1
SUSE-SU-2025:20163-1
SUSE-SU-2025:20164-1
SUSE-SU-2025:20246-1
SUSE-SU-2025:20247-1
USN-7154-1
USN-7154-2
USN-7155-1
USN-7156-1
USN-7166-1
USN-7166-2
USN-7166-3
USN-7166-4
USN-7186-1
USN-7186-2
USN-7194-1
USN-7196-1

Affected Products

ALT Linux
Astra Linux
Linux Mint
Linux Kernel
RED OS
SUSE
Ubuntu