[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-DEBIAN-CVE-2024-46763":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T14:53:31.930Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":16,"duplicates":23,"related":24,"reserved_at":9,"published_at":25,"modified_at":26,"state":9,"summary":27,"references_raw":29,"kevs":36,"epss":9,"epss_history":37,"metrics":38,"affected":45},"DEBIAN-CVE-2024-46763","In the Linux kernel, the following vulnerability has been resolved:  fou: Fix null-ptr-deref in GRO.  We observed a null-ptr-deref in fou_gro_receive() while shutting down a host.  [0]  The NULL pointer is sk->sk_user_data, and the offset 8 is of protocol in struct fou.  When fou_release() is called due to netns dismantle or explicit tunnel teardown, udp_tunnel_sock_release() sets NULL to sk->sk_user_data. Then, the tunnel socket is destroyed after a single RCU grace period.  So, in-flight udp4_gro_receive() could find the socket and execute the FOU GRO handler, where sk->sk_user_data could be NULL.  Let's use rcu_dereference_sk_user_data() in fou_from_sock() and add NULL checks in FOU GRO handlers.  [0]: BUG: kernel NULL pointer dereference, address: 0000000000000008  PF: supervisor read access in kernel mode  PF: error_code(0x0000) - not-present page PGD 80000001032f4067 P4D 80000001032f4067 PUD 103240067 PMD 0 SMP PTI CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.10.216-204.855.amzn2.x86_64 #1 Hardware name: Amazon EC2 c5.large/, BIOS 1.0 10/16/2017 RIP: 0010:fou_gro_receive (net/ipv4/fou.c:233) [fou] Code: 41 5f c3 cc cc cc cc e8 e7 2e 69 f4 0f 1f 80 00 00 00 00 0f 1f 44 00 00 49 89 f8 41 54 48 89 f7 48 89 d6 49 8b 80 88 02 00 00 \u003C0f> b6 48 08 0f b7 42 4a 66 25 fd fd 80 cc 02 66 89 42 4a 0f b6 42 RSP: 0018:ffffa330c0003d08 EFLAGS: 00010297 RAX: 0000000000000000 RBX: ffff93d9e3a6b900 RCX: 0000000000000010 RDX: ffff93d9e3a6b900 RSI: ffff93d9e3a6b900 RDI: ffff93dac2e24d08 RBP: ffff93d9e3a6b900 R08: ffff93dacbce6400 R09: 0000000000000002 R10: 0000000000000000 R11: ffffffffb5f369b0 R12: ffff93dacbce6400 R13: ffff93dac2e24d08 R14: 0000000000000000 R15: ffffffffb4edd1c0 FS:  0000000000000000(0000) GS:ffff93daee800000(0000) knlGS:0000000000000000 CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000008 CR3: 0000000102140001 CR4: 00000000007706f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace:  \u003CIRQ>  ? show_trace_log_lvl (arch/x86/kernel/dumpstack.c:259)  ? __die_body.cold (arch/x86/kernel/dumpstack.c:478 arch/x86/kernel/dumpstack.c:420)  ? no_context (arch/x86/mm/fault.c:752)  ? exc_page_fault (arch/x86/include/asm/irqflags.h:49 arch/x86/include/asm/irqflags.h:89 arch/x86/mm/fault.c:1435 arch/x86/mm/fault.c:1483)  ? asm_exc_page_fault (arch/x86/include/asm/idtentry.h:571)  ? fou_gro_receive (net/ipv4/fou.c:233) [fou]  udp_gro_receive (include/linux/netdevice.h:2552 net/ipv4/udp_offload.c:559)  udp4_gro_receive (net/ipv4/udp_offload.c:604)  inet_gro_receive (net/ipv4/af_inet.c:1549 (discriminator 7))  dev_gro_receive (net/core/dev.c:6035 (discriminator 4))  napi_gro_receive (net/core/dev.c:6170)  ena_clean_rx_irq (drivers/amazon/net/ena/ena_netdev.c:1558) [ena]  ena_io_poll (drivers/amazon/net/ena/ena_netdev.c:1742) [ena]  napi_poll (net/core/dev.c:6847)  net_rx_action (net/core/dev.c:6917)  __do_softirq (arch/x86/include/asm/jump_label.h:25 include/linux/jump_label.h:200 include/trace/events/irq.h:142 kernel/softirq.c:299)  asm_call_irq_on_stack (arch/x86/entry/entry_64.S:809) \u003C/IRQ>  do_softirq_own_stack (arch/x86/include/asm/irq_stack.h:27 arch/x86/include/asm/irq_stack.h:77 arch/x86/kernel/irq_64.c:77)  irq_exit_rcu (kernel/softirq.c:393 kernel/softirq.c:423 kernel/softirq.c:435)  common_interrupt (arch/x86/kernel/irq.c:239)  asm_common_interrupt (arch/x86/include/asm/idtentry.h:626) RIP: 0010:acpi_idle_do_entry (arch/x86/include/asm/irqflags.h:49 arch/x86/include/asm/irqflags.h:89 drivers/acpi/processor_idle.c:114 drivers/acpi/processor_idle.c:575) Code: 8b 15 d1 3c c4 02 ed c3 cc cc cc cc 65 48 8b 04 25 40 ef 01 00 48 8b 00 a8 08 75 eb 0f 1f 44 00 00 0f 00 2d d5 09 55 00 fb f4 \u003Cfa> c3 cc cc cc cc e9 be fc ff ff 66 66 2e 0f 1f 84 00 00 00 00 00 RSP: 0018:ffffffffb5603e58 EFLAGS: 00000246 RAX: 0000000000004000 RBX: ffff93dac0929c00 RCX: ffff93daee833900 RDX: ffff93daee800000 RSI: ffff93d ---truncated---",null,[],[],[],[14],{"_key":15},"CVE-2024-46763",[17,19,21],{"_key":18},"DLA-3912-1",{"_key":20},"DLA-4008-1",{"_key":22},"DSA-5782-1",[],[],"2024-09-18T08:15:04.613Z","2026-04-28T20:28:36.222328Z",{"cisa_kev":28,"cisa_ransomware":28,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[30],{"url":31,"sources":32,"tags":34},"https://security-tracker.debian.org/tracker/CVE-2024-46763",[33],"osv_debian",[35],"Advisory",[],[],[39],{"source":33,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":40,"cvss_v4_0":9},{"baseScore":41,"baseSeverity":9,"vectorString":42,"impactScore":43,"exploitabilityScore":44},5.5,"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",6,4.6,[46,65],{"ecosystem":47,"name":48,"vendor":49,"product":48,"cpe_part":9,"purl_type":50,"purl_namespace":49,"purl_name":48,"source":9,"versions":51},"Debian","linux","debian","deb",[52,58,61,64],{"version":53,"is_range":54,"range_type":55,"version_start":9,"version_start_type":9,"version_end":56,"version_end_type":57,"fixed_in":9},"lt5_10_226_1",true,"ecosystem","5.10.226-1","excluding",{"version":59,"is_range":54,"range_type":55,"version_start":9,"version_start_type":9,"version_end":60,"version_end_type":57,"fixed_in":9},"lt6_1_112_1","6.1.112-1",{"version":62,"is_range":54,"range_type":55,"version_start":9,"version_start_type":9,"version_end":63,"version_end_type":57,"fixed_in":9},"lt6_10_11_1","6.10.11-1",{"version":62,"is_range":54,"range_type":55,"version_start":9,"version_start_type":9,"version_end":63,"version_end_type":57,"fixed_in":9},{"ecosystem":47,"name":66,"vendor":49,"product":66,"cpe_part":9,"purl_type":50,"purl_namespace":49,"purl_name":66,"source":9,"versions":67},"linux-6.1",[68],{"version":69,"is_range":54,"range_type":55,"version_start":9,"version_start_type":9,"version_end":70,"version_end_type":57,"fixed_in":9},"lt6_1_119_1~deb11u1","6.1.119-1~deb11u1"]