CVE-2024-46788
📋 TL;DR
A race condition vulnerability in the Linux kernel's tracing/osnoise subsystem allows improper kthread_stop() calls on user space threads, causing kernel crashes. This affects Linux systems using the osnoise tracer with specific timing conditions. The vulnerability can lead to denial of service through kernel panics.
💻 Affected Systems
- Linux Kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially causing data loss or service disruption.
Likely Case
System crash or instability when using rtla timerlat tools with specific timing patterns, resulting in temporary denial of service.
If Mitigated
Minimal impact if osnoise tracing is disabled or not in use.
🎯 Exploit Status
The provided script demonstrates exploitation through specific timing of rtla timerlat commands. Requires local access and knowledge of the vulnerability.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits 177e1cc2f41235c145041eed03ef5bab18f32328, 27282d2505b402f39371fd60d19d95c01a4b6776, 7a5f01828edf152c144d27cf63de446fdf2dc222
Vendor Advisory: https://git.kernel.org/stable/c/177e1cc2f41235c145041eed03ef5bab18f32328
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits. 2. Rebuild kernel if compiling from source. 3. Reboot system to load patched kernel.
🔧 Temporary Workarounds
Disable osnoise tracing
linuxPrevent exploitation by disabling the vulnerable osnoise tracer functionality
echo 0 > /sys/kernel/debug/tracing/osnoise/enable
Restrict rtla tool usage
linuxLimit access to rtla timerlat tools that trigger the vulnerability
chmod 700 /usr/bin/rtla
setfacl -m u:root:rx /usr/bin/rtla
🧯 If You Can't Patch
- Disable CONFIG_TRACER_OSNOISE kernel configuration and rebuild kernel
- Implement strict access controls to prevent local users from executing rtla timerlat commands
🔍 How to Verify
Check if Vulnerable:
Check if kernel has osnoise tracing enabled: cat /sys/kernel/debug/tracing/available_tracers | grep osnoiseCheck Version:
uname -rVerify Fix Applied:
Check kernel version includes fix commits: uname -r and verify against patched versions📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs mentioning 'general protection fault' in osnoise/timerlat context
- System crash dumps with hrtimer_active stack traces
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND "general protection fault" AND ("osnoise" OR "timerlat")