CVE-2024-46713 (GCVE-0-2024-46713)
Vulnerability from cvelistv5
Published
2024-09-13 14:49
Modified
2025-05-04 09:32
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: perf/aux: Fix AUX buffer serialization Ole reported that event->mmap_mutex is strictly insufficient to serialize the AUX buffer, add a per RB mutex to fully serialize it. Note that in the lock order comment the perf_event::mmap_mutex order was already wrong, that is, it nesting under mmap_lock is not new with this patch.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/2ab9d830262c132ab5db2f571003d80850d56b2a
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/52d13d224fdf1299c8b642807fa1ea14d693f5ff
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/7882923f1cb88dc1a17f2bf0c81b1fc80d44db82
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/9dc7ad2b67772cfb94ceb3b0c9c4023c2463215d
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/b9b6882e243b653d379abbeaa64a500182aba370
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/c4b69bee3f4ef76809288fe6827bc14d4ae788ef
Impacted products
Vendor Product Version
Linux Linux Version: 45bfb2e50471abbbfd83d40d28c986078b0d24ff
Version: 45bfb2e50471abbbfd83d40d28c986078b0d24ff
Version: 45bfb2e50471abbbfd83d40d28c986078b0d24ff
Version: 45bfb2e50471abbbfd83d40d28c986078b0d24ff
Version: 45bfb2e50471abbbfd83d40d28c986078b0d24ff
Version: 45bfb2e50471abbbfd83d40d28c986078b0d24ff
 Create a notification for this product.
   Linux Linux Version: 4.1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-46713",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-29T14:58:57.910208Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-29T14:59:13.207Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "kernel/events/core.c",
            "kernel/events/internal.h",
            "kernel/events/ring_buffer.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "7882923f1cb88dc1a17f2bf0c81b1fc80d44db82",
              "status": "affected",
              "version": "45bfb2e50471abbbfd83d40d28c986078b0d24ff",
              "versionType": "git"
            },
            {
              "lessThan": "52d13d224fdf1299c8b642807fa1ea14d693f5ff",
              "status": "affected",
              "version": "45bfb2e50471abbbfd83d40d28c986078b0d24ff",
              "versionType": "git"
            },
            {
              "lessThan": "9dc7ad2b67772cfb94ceb3b0c9c4023c2463215d",
              "status": "affected",
              "version": "45bfb2e50471abbbfd83d40d28c986078b0d24ff",
              "versionType": "git"
            },
            {
              "lessThan": "c4b69bee3f4ef76809288fe6827bc14d4ae788ef",
              "status": "affected",
              "version": "45bfb2e50471abbbfd83d40d28c986078b0d24ff",
              "versionType": "git"
            },
            {
              "lessThan": "b9b6882e243b653d379abbeaa64a500182aba370",
              "status": "affected",
              "version": "45bfb2e50471abbbfd83d40d28c986078b0d24ff",
              "versionType": "git"
            },
            {
              "lessThan": "2ab9d830262c132ab5db2f571003d80850d56b2a",
              "status": "affected",
              "version": "45bfb2e50471abbbfd83d40d28c986078b0d24ff",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "kernel/events/core.c",
            "kernel/events/internal.h",
            "kernel/events/ring_buffer.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.1"
            },
            {
              "lessThan": "4.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.226",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.167",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.110",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.51",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.226",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.167",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.110",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.51",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10.10",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/aux: Fix AUX buffer serialization\n\nOle reported that event-\u003emmap_mutex is strictly insufficient to\nserialize the AUX buffer, add a per RB mutex to fully serialize it.\n\nNote that in the lock order comment the perf_event::mmap_mutex order\nwas already wrong, that is, it nesting under mmap_lock is not new with\nthis patch."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:32:31.367Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/7882923f1cb88dc1a17f2bf0c81b1fc80d44db82"
        },
        {
          "url": "https://git.kernel.org/stable/c/52d13d224fdf1299c8b642807fa1ea14d693f5ff"
        },
        {
          "url": "https://git.kernel.org/stable/c/9dc7ad2b67772cfb94ceb3b0c9c4023c2463215d"
        },
        {
          "url": "https://git.kernel.org/stable/c/c4b69bee3f4ef76809288fe6827bc14d4ae788ef"
        },
        {
          "url": "https://git.kernel.org/stable/c/b9b6882e243b653d379abbeaa64a500182aba370"
        },
        {
          "url": "https://git.kernel.org/stable/c/2ab9d830262c132ab5db2f571003d80850d56b2a"
        }
      ],
      "title": "perf/aux: Fix AUX buffer serialization",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-46713",
    "datePublished": "2024-09-13T14:49:13.691Z",
    "dateReserved": "2024-09-11T15:12:18.254Z",
    "dateUpdated": "2025-05-04T09:32:31.367Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-46713\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-09-13T15:15:15.010\",\"lastModified\":\"2024-09-13T16:37:22.997\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nperf/aux: Fix AUX buffer serialization\\n\\nOle reported that event-\u003emmap_mutex is strictly insufficient to\\nserialize the AUX buffer, add a per RB mutex to fully serialize it.\\n\\nNote that in the lock order comment the perf_event::mmap_mutex order\\nwas already wrong, that is, it nesting under mmap_lock is not new with\\nthis patch.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: perf/aux: Se corrige la serializaci\u00f3n del b\u00fafer AUX. Ole inform\u00f3 que event-\u0026gt;mmap_mutex es estrictamente insuficiente para serializar el b\u00fafer AUX, agregue un mutex por RB para serializarlo por completo. Tenga en cuenta que en el comentario de orden de bloqueo, el orden perf_event::mmap_mutex ya estaba mal, es decir, su anidaci\u00f3n bajo mmap_lock no es nueva con este parche.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/2ab9d830262c132ab5db2f571003d80850d56b2a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/52d13d224fdf1299c8b642807fa1ea14d693f5ff\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/7882923f1cb88dc1a17f2bf0c81b1fc80d44db82\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/9dc7ad2b67772cfb94ceb3b0c9c4023c2463215d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/b9b6882e243b653d379abbeaa64a500182aba370\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/c4b69bee3f4ef76809288fe6827bc14d4ae788ef\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-46713\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-29T14:58:57.910208Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-29T14:59:02.441Z\"}}], \"cna\": {\"title\": \"perf/aux: Fix AUX buffer serialization\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"45bfb2e50471\", \"lessThan\": \"7882923f1cb8\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"45bfb2e50471\", \"lessThan\": \"52d13d224fdf\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"45bfb2e50471\", \"lessThan\": \"9dc7ad2b6777\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"45bfb2e50471\", \"lessThan\": \"c4b69bee3f4e\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"45bfb2e50471\", \"lessThan\": \"b9b6882e243b\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"45bfb2e50471\", \"lessThan\": \"2ab9d830262c\", \"versionType\": \"git\"}], \"programFiles\": [\"kernel/events/core.c\", \"kernel/events/internal.h\", \"kernel/events/ring_buffer.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.1\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"4.1\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"5.10.226\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.10.*\"}, {\"status\": \"unaffected\", \"version\": \"5.15.167\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.15.*\"}, {\"status\": \"unaffected\", \"version\": \"6.1.110\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.1.*\"}, {\"status\": \"unaffected\", \"version\": \"6.6.51\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.6.*\"}, {\"status\": \"unaffected\", \"version\": \"6.10.10\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.10.*\"}, {\"status\": \"unaffected\", \"version\": \"6.11\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"kernel/events/core.c\", \"kernel/events/internal.h\", \"kernel/events/ring_buffer.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/7882923f1cb88dc1a17f2bf0c81b1fc80d44db82\"}, {\"url\": \"https://git.kernel.org/stable/c/52d13d224fdf1299c8b642807fa1ea14d693f5ff\"}, {\"url\": \"https://git.kernel.org/stable/c/9dc7ad2b67772cfb94ceb3b0c9c4023c2463215d\"}, {\"url\": \"https://git.kernel.org/stable/c/c4b69bee3f4ef76809288fe6827bc14d4ae788ef\"}, {\"url\": \"https://git.kernel.org/stable/c/b9b6882e243b653d379abbeaa64a500182aba370\"}, {\"url\": \"https://git.kernel.org/stable/c/2ab9d830262c132ab5db2f571003d80850d56b2a\"}], \"x_generator\": {\"engine\": \"bippy-9e1c9544281a\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nperf/aux: Fix AUX buffer serialization\\n\\nOle reported that event-\u003emmap_mutex is strictly insufficient to\\nserialize the AUX buffer, add a per RB mutex to fully serialize it.\\n\\nNote that in the lock order comment the perf_event::mmap_mutex order\\nwas already wrong, that is, it nesting under mmap_lock is not new with\\nthis patch.\"}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2024-11-05T09:45:10.303Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-46713\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-05T09:45:10.303Z\", \"dateReserved\": \"2024-09-11T15:12:18.254Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2024-09-13T14:49:13.691Z\", \"assignerShortName\": \"Linux\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.