PT-2024-7039 · Linux+6 · Linux Kernel+6

Olivier Sobrie · Published 2024-08-02 · Updated 2025-09-29 · CVE-2024-46746

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.6.52

Description

The vulnerability is a use of freed memory in the amd_sfh_get_report function, which leads to a slab-use-after-free bug. This issue can cause a crash or potentially allow an attacker to exploit the vulnerability. The problem arises because HID driver callbacks are no longer called once the hid_destroy_device function has been called, but the driver data is still used in several callbacks.

Recommendations

To resolve this issue, update the Linux kernel to version 6.6.52 or later. If updating is not possible, consider disabling the amd_sfh driver or restricting its use until a patch is available.

Exploit

Fix

Use After Free

Weakness Enumeration

Related Identifiers

ALSA-2025_16880
ALT-PU-2024-13121
ALT-PU-2024-13166
ALT-PU-2024-13979
ALT-PU-2024-14046
AZL-49665
BDU:2024-08296
CVE-2024-46746
DLA-4008-1
DSA-5782-1
MGASA-2024-0316
MGASA-2024-0318
OESA-2024-2590
OPENSUSE-SU-2024_3551-1
OPENSUSE-SU-2024_3561-1
OPENSUSE-SU-2024_3564-1
OPENSUSE-SU-2024_3587-1
OPENSUSE-SU-2024_3592-1
SUSE-SU-2024:3551-1
SUSE-SU-2024:3553-1
SUSE-SU-2024:3561-1
SUSE-SU-2024:3564-1
SUSE-SU-2024:3566-1
SUSE-SU-2024:3569-1
SUSE-SU-2024:3587-1
SUSE-SU-2024:3592-1
SUSE-SU-2025:20073-1
SUSE-SU-2025:20077-1
USN-7100-1
USN-7100-2
USN-7123-1
USN-7144-1
USN-7154-1
USN-7154-2
USN-7155-1
USN-7156-1
USN-7194-1
USN-7196-1

Affected Products

ALT Linux
Astra Linux
Linux Mint
Linux Kernel
RED OS
SUSE
Ubuntu