CVE-2024-46786

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.52

Description A vulnerability in the Linux kernel has been resolved, which is related to the fscache module. The fscache cookie lru timer is initialized when the fscache module is inserted, but it is not deleted when the module is removed. If timer reduce() is called before removing the fscache module, the fscache cookie lru timer will be added to the timer list of the current CPU, triggering a use-after-free in the softIRQ after removing the module. This can lead to a page fault and potentially allow an attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations To resolve this issue, update the Linux kernel to version 6.6.52 or later. As a temporary workaround, consider disabling the fscache module until a patch is available. Restrict access to the vulnerable module to minimize the risk of exploitation. Avoid using the fscache cookie lru timer in the affected API endpoint until the issue is resolved.