CVE-2024-46784

net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup

Description

In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup Currently napi_disable() gets called during rxq and txq cleanup, even before napi is enabled and hrtimer is initialized. It causes kernel panic. ? page_fault_oops+0x136/0x2b0 ? page_counter_cancel+0x2e/0x80 ? do_user_addr_fault+0x2f2/0x640 ? refill_obj_stock+0xc4/0x110 ? exc_page_fault+0x71/0x160 ? asm_exc_page_fault+0x27/0x30 ? __mmdrop+0x10/0x180 ? __mmdrop+0xec/0x180 ? hrtimer_active+0xd/0x50 hrtimer_try_to_cancel+0x2c/0xf0 hrtimer_cancel+0x15/0x30 napi_disable+0x65/0x90 mana_destroy_rxq+0x4c/0x2f0 mana_create_rxq.isra.0+0x56c/0x6d0 ? mana_uncfg_vport+0x50/0x50 mana_alloc_queues+0x21b/0x320 ? skb_dequeue+0x5f/0x80

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.04%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/386617efacab10bf5bb40bde403467c57cc00470
https://git.kernel.org/stable/c/9178eb8ebcd887ab75e54ac40d538e54bb9c7788 patch
https://git.kernel.org/stable/c/9e0bff4900b5d412a9bafe4baeaa6facd34f671c patch
https://git.kernel.org/stable/c/4982a47154f0b50de81ee0a0b169a3fc74120a65 patch
https://git.kernel.org/stable/c/b6ecc662037694488bfff7c9fd21c405df8411f2 patch

Frequently Asked Questions

What is the severity of CVE-2024-46784?
CVE-2024-46784 has been scored as a medium severity vulnerability.
How to fix CVE-2024-46784?
To fix CVE-2024-46784, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-46784 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-46784 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-46784?
CVE-2024-46784 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.