CVE-2024-46701

Medium

In the Linux kernel, the following vulnerability has been resolved: libfs: fix infinite directory reads for offset dir After we switch tmpfs dir operations from simple_dir_operations to simple_offset_dir_operations, every rename happened will fill new dentry to dest dir's maple tree(&SHMEM_I(inode)->dir_offsets->mt) with a free key starting with octx->newx_offset, and then set newx_offset equals to free key + 1. This will lead to infinite readdir combine with rename happened at the same time, which fail generic/736 in xfstests(detail show as below). 1. create 5000 files(1 2 3...) under one dir 2. call readdir(man 3 readdir) once, and get one entry 3. rename(entry, "TEMPFILE"), then rename("TEMPFILE", entry) 4. loop 2~3, until readdir return nothing or we loop too many times(tmpfs break test with the second condition) We choose the same logic what commit 9b378f6ad48cf ("btrfs: fix infinite directory reads") to fix it, record the last_index when we open dir, and do not emit the entry which index >= last_index. The file->private_data now used in offset dir can use directly to do this, and we also update the last_index when we llseek the dir file. [brauner: only update last_index after seek when offset is zero like Jan suggested]

Package Linux Kernel
Published 2024-09-13
Last modified 2024-09-19
CVSS version 3.1
Patch available
Yes

CVSS 3.1 score

5.5

out of 10
Medium
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
High
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Weakness type

CWE-835

CVE-2024-46701 is a Infinite Loop vulnerability

What is Infinite Loop?

The product contains an iteration that does not exit even when it should. Learn more on MITRE CWE

Affected versions

Linux kernel versions 6.6 and later are affected. Fixed in 6.10.7, 6.11 and their respective stable series.

Affected from
≥ 6.6
Fixed in
✓ 6.10.7 6.10.x ✓ 6.11

References

The following references provide additional information about CVE-2024-46701 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Frequently asked questions

  • What is CVE-2024-46701?

    CVE-2024-46701 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10 , classified as an Infinite Loop flaw (CWE-835) . It affects Linux kernel versions from 6.6 onward and has been patched in 6.10.7 and 6.11. CVE-2024-46701 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

  • What is the CVSS score for CVE-2024-46701?

    CVE-2024-46701 has a CVSS score of 5.5 out of 10, rated Medium severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H .

  • Is there a patch available for CVE-2024-46701?

    Yes — CVE-2024-46701 has been patched. Fixed versions include 6.10.7 and 6.11. If you are running Linux kernel 6.6 or later up to the fix versions, apply the relevant patch for your kernel branch.

  • Is CVE-2024-46701 actively exploited?

    No — CVE-2024-46701 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.

  • What is Infinite Loop (CWE-835)?

    The product contains an iteration that does not exit even when it should. View CWE-835 on MITRE CWE →

Back to
All CVEs
View on
NVD / NIST