CVE-2024-46786
📋 TL;DR
A use-after-free vulnerability in the Linux kernel's fscache module allows attackers to trigger a kernel panic or potentially execute arbitrary code with kernel privileges. This affects Linux systems with the fscache module loaded, typically those using network filesystem caching. The vulnerability occurs during module unloading when a timer isn't properly cleaned up.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, with potential for privilege escalation to kernel-level code execution.
Likely Case
System crash or kernel panic causing denial of service, requiring physical or remote console access to reboot.
If Mitigated
No impact if fscache module is not loaded or system is patched.
🎯 Exploit Status
Requires ability to trigger timer_reduce() before module removal and sufficient privileges to load/unload kernel modules.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel versions with commits 0a11262549ac2ac6fb98c7cd40a67136817e5a52, 72a6e22c604c95ddb3b10b5d3bb85b6ff4dbc34f, c1fc36d5470335546c45799d94d7bb2cbc09e8b7, or e0d724932ad12e3528f4ce97fc0f6078d0cce4bc
Vendor Advisory: https://git.kernel.org/stable/c/0a11262549ac2ac6fb98c7cd40a67136817e5a52
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix. 2. Reboot system to load patched kernel. 3. Verify fscache module is not loaded if not needed.
🔧 Temporary Workarounds
Unload fscache module
linuxRemove the fscache module if not required for system functionality
sudo rmmod fscache
Blacklist fscache module
linuxPrevent fscache module from loading at boot
echo 'blacklist fscache' | sudo tee /etc/modprobe.d/fscache-blacklist.conf
sudo update-initramfs -u
🧯 If You Can't Patch
- Ensure fscache module is not loaded (check with 'lsmod | grep fscache')
- Restrict kernel module loading to authorized users only via sysctl settings
🔍 How to Verify
Check if Vulnerable:
Check if fscache module is loaded: 'lsmod | grep fscache'. If loaded and kernel version is before fixes, system is vulnerable.Check Version:
uname -rVerify Fix Applied:
Check kernel version includes fix commits or verify fscache module is not loaded after reboot.📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages mentioning fscache_cookie_lru_timer
- Use-after-free errors in kernel logs
- System crash/reboot events
Network Indicators:
- None - local vulnerability
SIEM Query:
source="kernel" AND ("fscache" OR "UAF" OR "use-after-free")