Detections
Analytics

Linux Distros Unpatched Vulnerability : CVE-2024-46756

high Nessus Plugin ID 228590

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - 2024-10-24: CVE-2024-46828 was added to this advisory. 2024-10-24: CVE-2024-46840 was added to this advisory. 2024-10-24: CVE-2024-46822 was added to this advisory. 2024-10-24: CVE-2024-46829 was added to this advisory. In the Linux kernel, the following vulnerability has been resolved: ima: Fix use-after- free on a dentry's dname.name (CVE-2024-39494) In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix mc_data out-of-bounds read warning (CVE-2024-46722) In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix ucode out-of-bounds read warning (CVE-2024-46723) In the Linux kernel, the following vulnerability has been resolved: VMCI: Fix use- after-free when removing resource in vmci_resource_remove() (CVE-2024-46738) In the Linux kernel, the following vulnerability has been resolved: uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind (CVE-2024-46739) In the Linux kernel, the following vulnerability has been resolved:
 of/irq: Prevent device address out-of-bounds read in interrupt map walk (CVE-2024-46743) In the Linux kernel, the following vulnerability has been resolved: Squashfs: sanity check symbolic link size (CVE-2024-46744) In the Linux kernel, the following vulnerability has been resolved: Input: uinput - reject requests with unreasonable number of slots (CVE-2024-46745) In the Linux kernel, the following vulnerability has been resolved: PCI: Add missing bridge lock to pci_bus_lock() (CVE-2024-46750) In the Linux kernel, the following vulnerability has been resolved: hwmon: (w83627ehf) Fix underflows seen when writing limit attributes (CVE-2024-46756) In the Linux kernel, the following vulnerability has been resolved: hwmon: (nct6775-core) Fix underflows seen when writing limit attributes (CVE-2024-46757) In the Linux kernel, the following vulnerability has been resolved: hwmon: (lm95234) Fix underflows seen when writing limit attributes (CVE-2024-46758) In the Linux kernel, the following vulnerability has been resolved: hwmon: (adc128d818) Fix underflows seen when writing limit attributes (CVE-2024-46759) In the Linux kernel, the following vulnerability has been resolved: can: bcm: Remove proc entry when dev is unregistered. (CVE-2024-46771) In the Linux kernel, the following vulnerability has been resolved: udf:
 Avoid excessive partition lengths (CVE-2024-46777) In the Linux kernel, the following vulnerability has been resolved: nilfs2: protect references to superblock parameters exposed in sysfs (CVE-2024-46780) In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix missing cleanup on rollforward recovery error (CVE-2024-46781) In the Linux kernel, the following vulnerability has been resolved: ila: call nf_unregister_net_hooks() sooner (CVE-2024-46782) In the Linux kernel, the following vulnerability has been resolved: tcp_bpf: fix return value of tcp_bpf_sendmsg() (CVE-2024-46783) In the Linux kernel, the following vulnerability has been resolved: ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object (CVE-2024-46798) In the Linux kernel, the following vulnerability has been resolved: sch/netem:
 fix use after free in netem_dequeue (CVE-2024-46800) In the Linux kernel, the following vulnerability has been resolved: arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (CVE-2024-46822) In the Linux kernel, the following vulnerability has been resolved: sched: sch_cake: fix bulk flow accounting logic for host fairness (CVE-2024-46828) In the Linux kernel, the following vulnerability has been resolved: rtmutex: Drop rt_mutex::wait_lock before scheduling (CVE-2024-46829) In the Linux kernel, the following vulnerability has been resolved: btrfs: clean up our handling of refs == 0 in snapshot delete (CVE-2024-46840) (CVE-2024-46756)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Plugin Details

Severity: High

ID: 228590

File Name: unpatched_CVE_2024_46756.nasl

Version: 1.1

Type: local

Agent: unix

Family: Misc.

Published: 3/5/2025

Updated: 3/5/2025

Supported Sensors: Nessus Agent, Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2024-46756

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Required KB Items: Host/cpu, Host/local_checks_enabled, global_settings/vendor_unpatched

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 9/18/2024

Reference Information

CVE: CVE-2024-46756