CVE-2024-41046: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-41046 is a vulnerability in the Linux kernel's Lantiq ETOP ethernet driver, discovered and disclosed on July 29, 2024. The vulnerability affects Linux kernel versions from 3.0 up to versions before 4.19.318, 5.4.280, 5.10.222, 5.15.163, 6.1.100, 6.6.41, and 6.9.10. The issue involves a double free vulnerability in the network ethernet driver's detach function (NVD).

The vulnerability is classified as a double free condition (CWE-415) in the lantiq_etop ethernet driver. The issue occurs because the number of the currently released descriptor is never incremented, which results in the same skb (socket buffer) being released multiple times during the detach operation. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

The vulnerability could potentially lead to memory corruption due to the double freeing of memory resources, which could result in system crashes or potential privilege escalation. The high CVSS score indicates that successful exploitation could lead to complete compromise of system confidentiality, integrity, and availability (NVD).

The vulnerability has been fixed in the Linux kernel through a patch that correctly increments the descriptor counter during the release process. The fix has been backported to multiple kernel versions and is available in kernel versions 4.19.318, 5.4.280, 5.10.222, 5.15.163, 6.1.100, 6.6.41, and 6.9.10 or later (Kernel Patch).