CVE-2024-46681: 
Linux Kernel vulnerability analysis and mitigation

A vulnerability in the Linux kernel's pktgen module has been identified and assigned CVE-2024-46681. The issue was discovered when WARNON(smpprocessorid() != cpu) was firing in pktgenthread_worker() during tests. The vulnerability affects Linux kernel versions from 2.6.12 up to (excluding) 6.10.8, as well as Linux kernel 6.11 release candidates (rc1 through rc5) (NVD).

The vulnerability stems from improper CPU locking mechanisms in the pktgen module's pgnetinit() function. The issue requires the implementation of cpusreadlock() and cpusreadunlock() around the foreachonline_cpu(cpu) loop to prevent potential race conditions. The National Vulnerability Database has assigned this vulnerability a CVSS v3.1 base score of 5.5 (Medium) with a vector string of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD, Kernel Patch).

The vulnerability could potentially lead to system instability and denial of service conditions. The issue specifically affects the kernel's packet generator (pktgen) functionality, which is used for network testing and performance measurement (NVD).

The vulnerability has been patched in the Linux kernel. The fix involves adding proper CPU locking mechanisms using cpusreadlock() and cpusreadunlock() around the foreachonlinecpu(cpu) loop in pgnetinit(). Additionally, WARNON was replaced with WARNONONCE() to prevent possible syslog flooding (Kernel Patch).