CVE-2024-46689: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-46689 affects the Linux kernel's command database (cmd-db) driver for Qualcomm SoCs. The vulnerability was discovered in July 2024 and disclosed in September 2024. The issue affects Linux kernel versions from 4.18 up to versions before 5.4.283, 5.10.225, 5.15.166, 6.1.108, and 6.10.8 (NVD).

The vulnerability stems from incorrect memory mapping in the Qualcomm command database driver. The driver maps a write-protected memory region using write-back (WB) caching, but the XPU (Extended Memory Protection Unit) sometimes falsely detects clean cache eviction as write operations into the protected region. This leads to secure interrupts causing endless loops in the Trust Zone. The issue occurs because while the Qualcomm Hypervisor maps the region as Non-Cacheable memory in Stage 2 translation tables, other hypervisors like Xen or KVM don't implement these specific mappings (Kernel Patch). The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability can result in a denial of service condition through an endless loop in the Trust Zone when clean cache eviction is falsely detected as a write operation. This primarily affects systems using alternative hypervisors like Xen or KVM instead of the Qualcomm Hypervisor (Kernel Patch).

The issue has been fixed by changing the memory mapping from MEMREMAPWB (Write-Back) to MEMREMAPWC (Write-Combining), which removes the dependency on correct mappings in Stage 2 tables. The fix has been implemented in multiple kernel versions through patches (Kernel Patch).