[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-DEBIAN-CVE-2024-46858":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T08:53:30.047Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":16,"duplicates":23,"related":24,"reserved_at":9,"published_at":25,"modified_at":26,"state":9,"summary":27,"references_raw":29,"kevs":36,"epss":9,"epss_history":37,"metrics":38,"affected":44},"DEBIAN-CVE-2024-46858","In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: Fix uaf in __timer_delete_sync There are two paths to access mptcp_pm_del_add_timer, result in a race condition: CPU1\t\t\t\tCPU2 ==== ==== net_rx_action napi_poll netlink_sendmsg __napi_poll netlink_unicast process_backlog netlink_unicast_kernel __netif_receive_skb genl_rcv __netif_receive_skb_one_core netlink_rcv_skb NF_HOOK genl_rcv_msg ip_local_deliver_finish genl_family_rcv_msg ip_protocol_deliver_rcu genl_family_rcv_msg_doit tcp_v4_rcv mptcp_pm_nl_flush_addrs_doit tcp_v4_do_rcv mptcp_nl_remove_addrs_list tcp_rcv_established mptcp_pm_remove_addrs_and_subflows tcp_data_queue remove_anno_list_by_saddr mptcp_incoming_options mptcp_pm_del_add_timer mptcp_pm_del_add_timer kfree(entry) In remove_anno_list_by_saddr(running on CPU2), after leaving the critical zone protected by \"pm.lock\", the entry will be released, which leads to the occurrence of uaf in the mptcp_pm_del_add_timer(running on CPU1). Keeping a reference to add_timer inside the lock, and calling sk_stop_timer_sync() with this reference, instead of \"entry->add_timer\". Move list_del(&entry->list) to mptcp_pm_del_add_timer and inside the pm lock, do not directly access any members of the entry outside the pm lock, which can avoid similar \"entry->x\" uaf.",null,[],[],[],[14],{"_key":15},"CVE-2024-46858",[17,19,21],{"_key":18},"DLA-4008-1",{"_key":20},"DLA-4075-1",{"_key":22},"DSA-5782-1",[],[],"2024-09-27T13:15:17.353Z","2026-04-28T20:28:38.823163Z",{"cisa_kev":28,"cisa_ransomware":28,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[30],{"url":31,"sources":32,"tags":34},"https://security-tracker.debian.org/tracker/CVE-2024-46858",[33],"osv_debian",[35],"Advisory",[],[],[39],{"source":33,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":40,"cvss_v4_0":9},{"baseScore":4,"baseSeverity":9,"vectorString":41,"impactScore":42,"exploitabilityScore":43},"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",9.8,2.6,[45,64],{"ecosystem":46,"name":47,"vendor":48,"product":47,"cpe_part":9,"purl_type":49,"purl_namespace":48,"purl_name":47,"source":9,"versions":50},"Debian","linux","debian","deb",[51,57,60,63],{"version":52,"is_range":53,"range_type":54,"version_start":9,"version_start_type":9,"version_end":55,"version_end_type":56,"fixed_in":9},"lt5_10_234_1",true,"ecosystem","5.10.234-1","excluding",{"version":58,"is_range":53,"range_type":54,"version_start":9,"version_start_type":9,"version_end":59,"version_end_type":56,"fixed_in":9},"lt6_1_112_1","6.1.112-1",{"version":61,"is_range":53,"range_type":54,"version_start":9,"version_start_type":9,"version_end":62,"version_end_type":56,"fixed_in":9},"lt6_10_11_1","6.10.11-1",{"version":61,"is_range":53,"range_type":54,"version_start":9,"version_start_type":9,"version_end":62,"version_end_type":56,"fixed_in":9},{"ecosystem":46,"name":65,"vendor":48,"product":65,"cpe_part":9,"purl_type":49,"purl_namespace":48,"purl_name":65,"source":9,"versions":66},"linux-6.1",[67],{"version":68,"is_range":53,"range_type":54,"version_start":9,"version_start_type":9,"version_end":69,"version_end_type":56,"fixed_in":9},"lt6_1_119_1~deb11u1","6.1.119-1~deb11u1"]