CVE-2024-46865

7.1 HIGH

📋 TL;DR

This CVE addresses an uninitialized variable vulnerability in the Linux kernel's FOU (Foo over UDP) module. If exploited, it could lead to kernel memory corruption or information disclosure. Systems running vulnerable Linux kernel versions with FOU enabled are affected.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific vulnerable versions not explicitly stated in CVE; check kernel commit history for affected releases.
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if FOU (fou) module is loaded and configured; not enabled by default in most distributions.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Kernel panic, system crash, or potential arbitrary code execution with kernel privileges leading to complete system compromise.

🟠 Likely Case

Kernel crash causing system instability or denial of service, potentially with some information disclosure from kernel memory.

🟢 If Mitigated

Minimal impact if FOU module is not loaded or used; system remains stable with proper kernel protections.

🌐 Internet-Facing: LOW - FOU is typically used for internal tunneling and not exposed externally by default.
🏢 Internal Only: MEDIUM - Requires local access or network access to systems using FOU; exploitation could affect internal services.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires ability to trigger the specific code path in FOU module; local access or network access to FOU services needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commits: 16ff0895283058b0f96d4fe277aa25ee096f0ea8, 392f6a97fcbecc64f0c00058b2db5bb0e4b8cc3e, 4c8002277167125078e6b9b90137bdf443ebaa08, 5d537b8d900514509622ce92330b70d2e581d409, 7ae890ee19479eeeb87724cca8430b5cb3660c74

Vendor Advisory: https://git.kernel.org/stable/c/16ff0895283058b0f96d4fe277aa25ee096f0ea8

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution vendor.
2. Reboot system to load new kernel.
3. Verify FOU module loads without errors.

🔧 Temporary Workarounds

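Disable FOU module

Prevent automatic loading of the vulnerable FOU kernel module and unload it if it is present. A blacklist entry stops alias-triggered autoloading only; an explicit modprobe fou still loads the module.

# Run as root
echo 'blacklist fou' >> /etc/modprobe.d/blacklist-fou.conf
rmmod fou 2>/dev/null || true

Restrict FOU usage

Ensure FOU is not configured or used on the system

# fou-related-services is a placeholder; substitute the units that configure FOU on this host
systemctl stop fou-related-services
# 5555 must match the UDP port the FOU listener is bound to
iptables -A INPUT -p udp --dport 5555 -j DROP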

🧯 If You Can't Patch

  • Ensure FOU module is not loaded (check with lsmod | grep fou)
  • Implement network segmentation to restrict access to systems using FOU

🔍 How to Verify

Check if Vulnerable:

Check if FOU module is loaded: lsmod | grep fou && echo 'Potentially vulnerable if kernel version is affected'

Check Version:

uname -r

Verify Fix Applied:

Confirm the running kernel includes the fix commits: run uname -r and compare the result against your distribution's patch notes.
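
The lsmod check above only says whether the module is loaded right now. The following added example (not part of the original advisory) also reads the modprobe.d policy, so a host with fou currently unloaded but still loadable is told apart from one where loading is blocked. The function names and verdict labels are hypothetical, and the check for fou6 (the IPv6 companion module that depends on fou) is an addition.

```shell
#!/bin/sh
# Added example: classify a host's FOU state from its module list and modprobe.d policy.

# Print loaded FOU modules from a /proc/modules-format file (fou6 depends on fou).
fou_loaded() {
    awk '$1 == "fou" || $1 == "fou6" { print $1 }' "${1:-/proc/modules}"
}

# Classify the modprobe.d policy for fou:
#   blocked      "install fou /bin/false" (or /bin/true): explicit modprobe fails too
#   blacklisted  "blacklist fou" only: alias-triggered autoload is suppressed,
#                but "modprobe fou" still loads the module
#   none         no directive found
fou_load_policy() {
    cat "${1:-/etc/modprobe.d}"/*.conf 2>/dev/null | awk '
        /^[ \t]*#/ { next }
        $1 == "install" && $2 == "fou" && $3 ~ /^\/(usr\/)?bin\/(false|true)$/ { blocked = 1 }
        $1 == "blacklist" && $2 == "fou" { listed = 1 }
        END {
            if (blocked) print "blocked"
            else if (listed) print "blacklisted"
            else print "none"
        }'
}

# fou_status [MODULES_FILE] [MODPROBE_DIR]: one-line verdict.
# LOADED means the patch level of the running kernel decides whether the host is vulnerable.
fou_status() {
    loaded=$(fou_loaded "$1" | tr '\n' ' ')
    policy=$(fou_load_policy "$2")
    if [ -n "$loaded" ]; then
        echo "LOADED modules=${loaded% } policy=$policy"
    elif [ "$policy" = "blocked" ]; then
        echo "BLOCKED policy=$policy"
    else
        echo "LOADABLE policy=$policy"
    fi
}

# Constructed sample (not from a real host): fou loaded, only a blacklist line present.
demo=$(mktemp -d)
mkdir "$demo/modprobe.d"
printf 'fou 20480 1 fou6, Live 0x0\nfou6 16384 0 - Live 0x0\n' > "$demo/modules"
printf 'blacklist fou\n' > "$demo/modprobe.d/blacklist-fou.conf"
fou_status "$demo/modules" "$demo/modprobe.d"
rm -rf "$demo"
```

Called with no arguments, fou_status reads /proc/modules and /etc/modprobe.d on the live host.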

📡 Detection & Monitoring

Log Indicators:

  • Kernel oops messages
  • System crash logs
  • FOU module error messages in dmesg

Network Indicators:

  • Unexpected traffic on FOU ports (typically 5555)
  • Anomalous UDP tunneling traffic

SIEM Query:

source="kernel" AND ("fou" OR "FOU" OR "Foo over UDP") AND ("panic" OR "oops" OR "BUG")
