{"vulnerability": "CVE-2024-46847", "sightings": [{"uuid": "3251ae6d-a6a5-4bb2-adb1-599eab19cfe5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46847", "type": "seen", "source": "https://t.me/cvedetector/6529", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-46847 - Linux Kernel: Out-of-Bounds Access Vulnerability in vmalloc Module\", \n \"Content\": \"CVE ID : CVE-2024-46847 \nPublished : Sept. 27, 2024, 1:15 p.m. | 35\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nmm: vmalloc: ensure vmap_block is initialised before adding to queue \n \nCommit 8c61291fd850 (\"mm: fix incorrect vbq reference in \npurge_fragmented_block\") extended the 'vmap_block' structure to contain a \n'cpu' field which is set at allocation time to the id of the initialising \nCPU. \n \nWhen a new 'vmap_block' is being instantiated by new_vmap_block(), the \npartially initialised structure is added to the local 'vmap_block_queue' \nxarray before the 'cpu' field has been initialised. If another CPU is \nconcurrently walking the xarray (e.g. via vm_unmap_aliases()), then it \nmay perform an out-of-bounds access to the remote queue thanks to an \nuninitialised index. \n \nThis has been observed as UBSAN errors in Android: \n \n | Internal error: UBSAN: array index out of bounds: 00000000f2005512 [#1] PREEMPT SMP \n | \n | Call trace: \n | purge_fragmented_block+0x204/0x21c \n | _vm_unmap_aliases+0x170/0x378 \n | vm_unmap_aliases+0x1c/0x28 \n | change_memory_common+0x1dc/0x26c \n | set_memory_ro+0x18/0x24 \n | module_enable_ro+0x98/0x238 \n | do_init_module+0x1b0/0x310 \n \nMove the initialisation of 'vb->cpu' in new_vmap_block() ahead of the \naddition to the xarray. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"27 Sep 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-27T15:53:37.000000Z"}]}