CVE-2024-46746
📋 TL;DR
This is a use-after-free vulnerability in the Linux kernel's AMD SFH HID driver that occurs when driver_data is freed before the hid_destroy_device() function completes. The vulnerability allows attackers with local access to potentially crash the system or execute arbitrary code with kernel privileges. It affects Linux systems with AMD SFH hardware support, particularly certain Lenovo laptops.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Local privilege escalation to kernel mode, allowing complete system compromise including data theft, persistence installation, or denial of service.
Likely Case
Kernel panic or system crash leading to denial of service, potentially requiring physical intervention to restore.
If Mitigated
Limited to denial of service if exploit attempts fail or system has additional memory protection mechanisms.
🎯 Exploit Status
Requires local access and knowledge of memory layout. The use-after-free condition provides opportunity for code execution, but successful exploitation depends on specific system configuration and memory state.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 60dc4ee0428d70bcbb41436b6729d29f1cbdfb89, 775125c7fe38533aaa4b20769f5b5e62cc1170a0, 86b4f5cf91ca03c08e3822ac89476a677a780bcc, 97155021ae17b86985121b33cf8098bcde00d497, adb3e3c1ddb5a23b8b7122ef1913f528d728937c
Vendor Advisory: https://git.kernel.org/stable/c/60dc4ee0428d70bcbb41436b6729d29f1cbdfb89
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits. 2. Check your distribution's security advisories for specific patched kernel versions. 3. Reboot the system after kernel update.
🔧 Temporary Workarounds
Disable AMD SFH driver module
linuxPrevent loading of the vulnerable amd_sfh driver module
echo 'blacklist amd_sfh' >> /etc/modprobe.d/blacklist-amd_sfh.conf
update-initramfs -u
reboot
Unload existing driver module
linuxRemove the currently loaded amd_sfh module (temporary workaround)
rmmod amd_sfh
🧯 If You Can't Patch
- Restrict local access to affected systems to trusted users only
- Implement strict privilege separation and limit user permissions
🔍 How to Verify
Check if Vulnerable:
Check if amd_sfh module is loaded: lsmod | grep amd_sfh. If loaded, check kernel version against patched versions.Check Version:
uname -rVerify Fix Applied:
Verify kernel version includes fix commits or is newer than vulnerable versions. Check dmesg for no KASAN errors related to amd_sfh.📡 Detection & Monitoring
Log Indicators:
- KASAN reports of use-after-free in amd_sfh_get_report
- Kernel panic or oops messages mentioning amd_sfh
- System crashes during HID device operations
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("amd_sfh" OR "KASAN: slab-use-after-free")🔗 References
- https://git.kernel.org/stable/c/60dc4ee0428d70bcbb41436b6729d29f1cbdfb89
- https://git.kernel.org/stable/c/775125c7fe38533aaa4b20769f5b5e62cc1170a0
- https://git.kernel.org/stable/c/86b4f5cf91ca03c08e3822ac89476a677a780bcc
- https://git.kernel.org/stable/c/97155021ae17b86985121b33cf8098bcde00d497
- https://git.kernel.org/stable/c/adb3e3c1ddb5a23b8b7122ef1913f528d728937c
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
