PT-2024-8760 · Linux+7 · Linux Kernel+7

Ole · Published 2024-09-02 · Updated 2025-09-29 · CVE-2024-46713

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.10.9

Description

The issue is related to the serialization of the AUX buffer in the Linux kernel. Specifically, the event->mmap_mutex is insufficient to serialize the AUX buffer, allowing for potential deserialization issues. This could impact the confidentiality, integrity, and availability of the system. The problem arises from the incorrect lock order of perf_event::mmap_mutex under mmap_lock.

Recommendations

To resolve the issue, upgrade the Linux kernel to a version newer than 6.10.9. As a temporary workaround, consider restricting access to the vulnerable perf/aux component until a patch is applied.

Exploit

Fix

Memory Corruption

Deserialization of Untrusted Data

Weakness Enumeration

Related Identifiers

ALSA-2025:0059
ALSA-2025_16880
BDU:2024-10375
CVE-2024-46713
DLA-3912-1
DLA-4008-1
DSA-5782-1
INFSA-2025_0059
MGASA-2024-0316
MGASA-2024-0318
OESA-2024-2491
OESA-2024-2492
OESA-2024-2493
OESA-2024-2494
RHSA-2025:0059
RHSA-2025_0059
SUSE-SU-2025:01919-1
SUSE-SU-2025:01951-1
SUSE-SU-2025:01964-1
SUSE-SU-2025:01965-1
SUSE-SU-2025:01967-1
SUSE-SU-2025:01972-1
SUSE-SU-2025:02000-1
SUSE-SU-2025:02846-1
SUSE-SU-2025:20408-1
SUSE-SU-2025:20413-1
SUSE-SU-2025:20419-1
SUSE-SU-2025:20421-1
SUSE-SU-2025_01951-1
SUSE-SU-2025_01964-1
SUSE-SU-2025_01965-1
SUSE-SU-2025_01967-1
SUSE-SU-2025_01972-1
SUSE-SU-2025_02000-1
SUSE-SU-2025_02846-1
USN-7100-1
USN-7100-2
USN-7123-1
USN-7144-1
USN-7154-1
USN-7154-2
USN-7155-1
USN-7156-1
USN-7194-1
USN-7196-1

Affected Products

Almalinux
Astra Linux
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu