CVE-2024-46713

Advisory lineage: Upstream: 0, Downstream: 30
Status: Modified
Published: 13 Sept 2024, 14:49
Last modified: 11 May 2026, 20:34

Vulnerability Summary

  • Overall Risk (default): medium, 31/100
  • CVSS Score: 7.8 HIGH, v3.1 (nvd)
  • EPSS Score: 0.02% LOW
  • KEV: Not listed
  • Ransomware: No reports
  • Public exploits: None found
  • Dark Web: Not detected

Timeline

  • 13 Sept 2024, 14:49: Published (vulnerability first disclosed)
  • 11 May 2026, 20:34: Last Modified (vulnerability information updated)

Description

In the Linux kernel, the following vulnerability has been resolved:

perf/aux: Fix AUX buffer serialization

Ole reported that event->mmap_mutex is strictly insufficient to serialize the AUX buffer, add a per RB mutex to fully serialize it.

Note that in the lock order comment the perf_event::mmap_mutex order was already wrong, that is, it nesting under mmap_lock is not new with this patch.

CVSS Metrics

  • v3.1, HIGH, Score: 7.8, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Trends

Current EPSS score: 0.02%, Percentile: 4%

Techniques & Countermeasures

  • CWE-787: Out-of-bounds Write

    The product writes data past the end, or before the beginning, of the intended buffer.

Affected Systems

  • linux / linux

    ≥ 45bfb2e50471abbbfd83d40d28c986078b0d24ff, < 7882923f1cb88dc1a17f2bf0c81b1fc80d44db82 | ≥ 45bfb2e50471abbbfd83d40d28c986078b0d24ff, < 52d13d224fdf1299c8b642807fa1ea14d693f5ff | ≥ 45bfb2e50471abbbfd83d40d28c986078b0d24ff, < 9dc7ad2b67772cfb94ceb3b0c9c4023c2463215d | ≥ 45bfb2e50471abbbfd83d40d28c986078b0d24ff, < c4b69bee3f4ef76809288fe6827bc14d4ae788ef | ≥ 45bfb2e50471abbbfd83d40d28c986078b0d24ff, < b9b6882e243b653d379abbeaa64a500182aba370 | ≥ 45bfb2e50471abbbfd83d40d28c986078b0d24ff, < 2ab9d830262c132ab5db2f571003d80850d56b2a | 4.1

  • linux / linux_kernel

    ≥ 4.1, < 5.10.226 | ≥ 5.11, < 5.15.167 | ≥ 5.16, < 6.1.110 | ≥ 6.2, < 6.6.51 | ≥ 6.7, < 6.10.10 | 6.11:rc1 | 6.11:rc2 | 6.11:rc3 | 6.11:rc4 | 6.11:rc5 | 6.11:rc6

References (8)