Rapid7 Vulnerability & Exploit Database

Ubuntu: (Multiple Advisories) (CVE-2024-46689): Linux kernel vulnerabilities

Free InsightVM Trial No Credit Card Necessary

2024 Attack Intel Report Latest research by Rapid7 Labs

Back to Search

Ubuntu: (Multiple Advisories) (CVE-2024-46689): Linux kernel vulnerabilities

Severity

CVSS

(AV:L/AC:M/Au:N/C:P/I:P/A:P)

Published

09/13/2024

Created

11/05/2024

Added

11/04/2024

Modified

11/21/2024

Description

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: cmd-db: Map shared memory as WC, not WB Linux does not write into cmd-db region. This region of memory is write protected by XPU. XPU may sometime falsely detect clean cache eviction as "write" into the write protected region leading to secure interrupt which causes an endless loop somewhere in Trust Zone. The only reason it is working right now is because Qualcomm Hypervisor maps the same region as Non-Cacheable memory in Stage 2 translation tables. The issue manifests if we want to use another hypervisor (like Xen or KVM), which does not know anything about those specific mappings. Changing the mapping of cmd-db memory from MEMREMAP_WB to MEMREMAP_WT/WC removes dependency on correct mappings in Stage 2 tables. This patch fixes the issue by updating the mapping to MEMREMAP_WC. I tested this on SA8155P with Xen.

Solution(s)

ubuntu-upgrade-linux-image-5-15-0-1038-xilinx-zynqmp
ubuntu-upgrade-linux-image-5-15-0-1055-gkeop
ubuntu-upgrade-linux-image-5-15-0-1065-ibm
ubuntu-upgrade-linux-image-5-15-0-1065-raspi
ubuntu-upgrade-linux-image-5-15-0-1067-nvidia
ubuntu-upgrade-linux-image-5-15-0-1067-nvidia-lowlatency
ubuntu-upgrade-linux-image-5-15-0-1069-gke
ubuntu-upgrade-linux-image-5-15-0-1069-kvm
ubuntu-upgrade-linux-image-5-15-0-1070-oracle
ubuntu-upgrade-linux-image-5-15-0-1071-gcp
ubuntu-upgrade-linux-image-5-15-0-1072-aws
ubuntu-upgrade-linux-image-5-15-0-1075-azure
ubuntu-upgrade-linux-image-5-15-0-125-generic
ubuntu-upgrade-linux-image-5-15-0-125-generic-64k
ubuntu-upgrade-linux-image-5-15-0-125-generic-lpae
ubuntu-upgrade-linux-image-5-15-0-125-lowlatency
ubuntu-upgrade-linux-image-5-15-0-125-lowlatency-64k
ubuntu-upgrade-linux-image-5-4-0-1044-iot
ubuntu-upgrade-linux-image-5-4-0-1054-xilinx-zynqmp
ubuntu-upgrade-linux-image-5-4-0-1082-ibm
ubuntu-upgrade-linux-image-5-4-0-1094-bluefield
ubuntu-upgrade-linux-image-5-4-0-1102-gkeop
ubuntu-upgrade-linux-image-5-4-0-1119-raspi
ubuntu-upgrade-linux-image-5-4-0-1123-kvm
ubuntu-upgrade-linux-image-5-4-0-1134-oracle
ubuntu-upgrade-linux-image-5-4-0-1135-aws
ubuntu-upgrade-linux-image-5-4-0-1139-azure
ubuntu-upgrade-linux-image-5-4-0-1139-gcp
ubuntu-upgrade-linux-image-5-4-0-1140-azure
ubuntu-upgrade-linux-image-5-4-0-200-generic
ubuntu-upgrade-linux-image-5-4-0-200-generic-lpae
ubuntu-upgrade-linux-image-5-4-0-200-lowlatency
ubuntu-upgrade-linux-image-aws
ubuntu-upgrade-linux-image-aws-lts-20-04
ubuntu-upgrade-linux-image-aws-lts-22-04
ubuntu-upgrade-linux-image-azure
ubuntu-upgrade-linux-image-azure-lts-20-04
ubuntu-upgrade-linux-image-azure-lts-22-04
ubuntu-upgrade-linux-image-bluefield
ubuntu-upgrade-linux-image-gcp
ubuntu-upgrade-linux-image-gcp-lts-20-04
ubuntu-upgrade-linux-image-gcp-lts-22-04
ubuntu-upgrade-linux-image-generic
ubuntu-upgrade-linux-image-generic-64k
ubuntu-upgrade-linux-image-generic-64k-hwe-20-04
ubuntu-upgrade-linux-image-generic-hwe-18-04
ubuntu-upgrade-linux-image-generic-hwe-20-04
ubuntu-upgrade-linux-image-generic-lpae
ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04
ubuntu-upgrade-linux-image-gke
ubuntu-upgrade-linux-image-gke-5-15
ubuntu-upgrade-linux-image-gkeop
ubuntu-upgrade-linux-image-gkeop-5-15
ubuntu-upgrade-linux-image-gkeop-5-4
ubuntu-upgrade-linux-image-ibm
ubuntu-upgrade-linux-image-ibm-lts-20-04
ubuntu-upgrade-linux-image-kvm
ubuntu-upgrade-linux-image-lowlatency
ubuntu-upgrade-linux-image-lowlatency-64k
ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04
ubuntu-upgrade-linux-image-lowlatency-hwe-18-04
ubuntu-upgrade-linux-image-lowlatency-hwe-20-04
ubuntu-upgrade-linux-image-nvidia
ubuntu-upgrade-linux-image-nvidia-lowlatency
ubuntu-upgrade-linux-image-oem
ubuntu-upgrade-linux-image-oem-20-04
ubuntu-upgrade-linux-image-oem-20-04b
ubuntu-upgrade-linux-image-oem-20-04c
ubuntu-upgrade-linux-image-oem-20-04d
ubuntu-upgrade-linux-image-oem-osp1
ubuntu-upgrade-linux-image-oracle
ubuntu-upgrade-linux-image-oracle-lts-20-04
ubuntu-upgrade-linux-image-oracle-lts-22-04
ubuntu-upgrade-linux-image-raspi
ubuntu-upgrade-linux-image-raspi-hwe-18-04
ubuntu-upgrade-linux-image-raspi-nolpae
ubuntu-upgrade-linux-image-raspi2
ubuntu-upgrade-linux-image-snapdragon-hwe-18-04
ubuntu-upgrade-linux-image-virtual
ubuntu-upgrade-linux-image-virtual-hwe-18-04
ubuntu-upgrade-linux-image-virtual-hwe-20-04
ubuntu-upgrade-linux-image-xilinx-zynqmp

References

https://attackerkb.com/topics/cve-2024-46689
CVE - 2024-46689
USN-7088-1
USN-7088-2
USN-7088-3
USN-7088-4
USN-7088-5
USN-7100-1
USN-7100-2
USN-7119-1
USN-7123-1

Advanced vulnerability management analytics and reporting.

Key Features

Lightweight Endpoint Agent
Live Dashboards
Real Risk Prioritization
IT-Integrated Remediation Projects
Cloud, Virtual, and Container Assessment
Integrated Threat Feeds
Easy-to-Use RESTful API
Automation-Assisted Patching
Automated Containment

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Ubuntu: (Multiple Advisories) (CVE-2024-46689): Linux kernel vulnerabilities

Ubuntu: (Multiple Advisories) (CVE-2024-46689): Linux kernel vulnerabilities

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.