{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-46713", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-09-11T15:12:18.254Z", "datePublished": "2024-09-13T14:49:13.691Z", "dateUpdated": "2025-05-04T09:32:31.367Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:32:31.367Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/aux: Fix AUX buffer serialization\n\nOle reported that event->mmap_mutex is strictly insufficient to\nserialize the AUX buffer, add a per RB mutex to fully serialize it.\n\nNote that in the lock order comment the perf_event::mmap_mutex order\nwas already wrong, that is, it nesting under mmap_lock is not new with\nthis patch."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["kernel/events/core.c", "kernel/events/internal.h", "kernel/events/ring_buffer.c"], "versions": [{"version": "45bfb2e50471abbbfd83d40d28c986078b0d24ff", "lessThan": "7882923f1cb88dc1a17f2bf0c81b1fc80d44db82", "status": "affected", "versionType": "git"}, {"version": "45bfb2e50471abbbfd83d40d28c986078b0d24ff", "lessThan": "52d13d224fdf1299c8b642807fa1ea14d693f5ff", "status": "affected", "versionType": "git"}, {"version": "45bfb2e50471abbbfd83d40d28c986078b0d24ff", "lessThan": "9dc7ad2b67772cfb94ceb3b0c9c4023c2463215d", "status": "affected", "versionType": "git"}, {"version": "45bfb2e50471abbbfd83d40d28c986078b0d24ff", "lessThan": "c4b69bee3f4ef76809288fe6827bc14d4ae788ef", "status": "affected", "versionType": "git"}, {"version": "45bfb2e50471abbbfd83d40d28c986078b0d24ff", "lessThan": "b9b6882e243b653d379abbeaa64a500182aba370", "status": "affected", "versionType": "git"}, {"version": "45bfb2e50471abbbfd83d40d28c986078b0d24ff", "lessThan": "2ab9d830262c132ab5db2f571003d80850d56b2a", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["kernel/events/core.c", "kernel/events/internal.h", "kernel/events/ring_buffer.c"], "versions": [{"version": "4.1", "status": "affected"}, {"version": "0", "lessThan": "4.1", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.226", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.167", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.110", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.51", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10.10", "lessThanOrEqual": "6.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.11", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.1", "versionEndExcluding": "5.10.226"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.1", "versionEndExcluding": "5.15.167"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.1", "versionEndExcluding": "6.1.110"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.1", "versionEndExcluding": "6.6.51"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.1", "versionEndExcluding": "6.10.10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.1", "versionEndExcluding": "6.11"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/7882923f1cb88dc1a17f2bf0c81b1fc80d44db82"}, {"url": "https://git.kernel.org/stable/c/52d13d224fdf1299c8b642807fa1ea14d693f5ff"}, {"url": "https://git.kernel.org/stable/c/9dc7ad2b67772cfb94ceb3b0c9c4023c2463215d"}, {"url": "https://git.kernel.org/stable/c/c4b69bee3f4ef76809288fe6827bc14d4ae788ef"}, {"url": "https://git.kernel.org/stable/c/b9b6882e243b653d379abbeaa64a500182aba370"}, {"url": "https://git.kernel.org/stable/c/2ab9d830262c132ab5db2f571003d80850d56b2a"}], "title": "perf/aux: Fix AUX buffer serialization", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-29T14:58:57.910208Z", "id": "CVE-2024-46713", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-29T14:59:13.207Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-46713", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-29T14:58:57.910208Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-29T14:59:02.441Z"}}], "cna": {"title": "perf/aux: Fix AUX buffer serialization", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "45bfb2e50471", "lessThan": "7882923f1cb8", "versionType": "git"}, {"status": "affected", "version": "45bfb2e50471", "lessThan": "52d13d224fdf", "versionType": "git"}, {"status": "affected", "version": "45bfb2e50471", "lessThan": "9dc7ad2b6777", "versionType": "git"}, {"status": "affected", "version": "45bfb2e50471", "lessThan": "c4b69bee3f4e", "versionType": "git"}, {"status": "affected", "version": "45bfb2e50471", "lessThan": "b9b6882e243b", "versionType": "git"}, {"status": "affected", "version": "45bfb2e50471", "lessThan": "2ab9d830262c", "versionType": "git"}], "programFiles": ["kernel/events/core.c", "kernel/events/internal.h", "kernel/events/ring_buffer.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "4.1"}, {"status": "unaffected", "version": "0", "lessThan": "4.1", "versionType": "semver"}, {"status": "unaffected", "version": "5.10.226", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.167", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.110", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.51", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.10.10", "versionType": "semver", "lessThanOrEqual": "6.10.*"}, {"status": "unaffected", "version": "6.11", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["kernel/events/core.c", "kernel/events/internal.h", "kernel/events/ring_buffer.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/7882923f1cb88dc1a17f2bf0c81b1fc80d44db82"}, {"url": "https://git.kernel.org/stable/c/52d13d224fdf1299c8b642807fa1ea14d693f5ff"}, {"url": "https://git.kernel.org/stable/c/9dc7ad2b67772cfb94ceb3b0c9c4023c2463215d"}, {"url": "https://git.kernel.org/stable/c/c4b69bee3f4ef76809288fe6827bc14d4ae788ef"}, {"url": "https://git.kernel.org/stable/c/b9b6882e243b653d379abbeaa64a500182aba370"}, {"url": "https://git.kernel.org/stable/c/2ab9d830262c132ab5db2f571003d80850d56b2a"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/aux: Fix AUX buffer serialization\n\nOle reported that event->mmap_mutex is strictly insufficient to\nserialize the AUX buffer, add a per RB mutex to fully serialize it.\n\nNote that in the lock order comment the perf_event::mmap_mutex order\nwas already wrong, that is, it nesting under mmap_lock is not new with\nthis patch."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:45:10.303Z"}}}, "cveMetadata": {"cveId": "CVE-2024-46713", "state": "PUBLISHED", "dateUpdated": "2024-11-05T09:45:10.303Z", "dateReserved": "2024-09-11T15:12:18.254Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-09-13T14:49:13.691Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4D9B79AE-30B4-4DA9-99DD-71A4FB514DB1", "versionEndExcluding": "5.10.226", "versionStartIncluding": "4.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "043405A4-25FE-45D4-A7BB-2A0C3B7D17C1", "versionEndExcluding": "5.15.167", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6B1A95FC-7E7E-428B-BB59-F76640C652AE", "versionEndExcluding": "6.1.110", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E4529134-BAC4-4776-840B-304009E181A0", "versionEndExcluding": "6.6.51", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "ACDEE48C-137A-4731-90D0-A675865E1BED", "versionEndExcluding": "6.10.10", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*", "matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*", "matchCriteriaId": "4DEB27E7-30AA-45CC-8934-B89263EF3551", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*", "matchCriteriaId": "E0005AEF-856E-47EB-BFE4-90C46899394D", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*", "matchCriteriaId": "39889A68-6D34-47A6-82FC-CD0BF23D6754", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc5:*:*:*:*:*:*", "matchCriteriaId": "B8383ABF-1457-401F-9B61-EE50F4C61F4F", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc6:*:*:*:*:*:*", "matchCriteriaId": "B77A9280-37E6-49AD-B559-5B23A3B1DC3D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/aux: Fix AUX buffer serialization\n\nOle reported that event->mmap_mutex is strictly insufficient to\nserialize the AUX buffer, add a per RB mutex to fully serialize it.\n\nNote that in the lock order comment the perf_event::mmap_mutex order\nwas already wrong, that is, it nesting under mmap_lock is not new with\nthis patch."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: perf/aux: Se corrige la serializaci\u00f3n del b\u00fafer AUX. Ole inform\u00f3 que event->mmap_mutex es estrictamente insuficiente para serializar el b\u00fafer AUX, agregue un mutex por RB para serializarlo por completo. Tenga en cuenta que en el comentario de orden de bloqueo, el orden perf_event::mmap_mutex ya estaba mal, es decir, su anidaci\u00f3n bajo mmap_lock no es nueva con este parche."}], "id": "CVE-2024-46713", "lastModified": "2025-09-26T18:50:56.913", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-09-13T15:15:15.010", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2ab9d830262c132ab5db2f571003d80850d56b2a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/52d13d224fdf1299c8b642807fa1ea14d693f5ff"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7882923f1cb88dc1a17f2bf0c81b1fc80d44db82"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9dc7ad2b67772cfb94ceb3b0c9c4023c2463215d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b9b6882e243b653d379abbeaa64a500182aba370"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c4b69bee3f4ef76809288fe6827bc14d4ae788ef"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2025:0059", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.21.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-01-08T00:00:00Z"}, {"advisory": "RHSA-2025:0059", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.21.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-01-08T00:00:00Z"}], "bugzilla": {"description": "kernel: perf/aux: Fix AUX buffer serialization", "id": "2312221", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312221"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-662", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nperf/aux: Fix AUX buffer serialization\nOle reported that event->mmap_mutex is strictly insufficient to\nserialize the AUX buffer, add a per RB mutex to fully serialize it.\nNote that in the lock order comment the perf_event::mmap_mutex order\nwas already wrong, that is, it nesting under mmap_lock is not new with\nthis patch."], "name": "CVE-2024-46713", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-09-13T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-46713\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-46713\nhttps://lore.kernel.org/linux-cve-announce/2024091316-CVE-2024-46713-5e49@gregkh/T"], "threat_severity": "Moderate"}