CVE-2024-46762: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-46762 affects the Linux kernel's Xen privcmd subsystem. The vulnerability was discovered in September 2024 and involves a race condition in the handling of irqfd instances. The issue occurs due to possible simultaneous ioctl calls to privcmdirqfdassign() and privcmdirqfddeassign() functions, which can lead to accessing freed kirqfd instances (NVD).

The vulnerability stems from a synchronization issue where a kirqfd created and added to the irqfdslist by privcmdirqfdassign() may get removed by another thread executing privcmdirqfd_deassign() while the former is still using it after dropping the locks. This race condition can result in accessing an already freed kirqfd instance. The CVSS v3.1 base score is 5.5 (Medium), with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

If exploited, this vulnerability can cause a kernel oops (crash) when the freed kirqfd instance is accessed, leading to a denial of service condition. The impact is limited to local attacks and primarily affects system availability (NVD).

The issue has been fixed by implementing SRCU (Sleepable Read-Copy Update) locking to prevent the race condition, similar to the approach used in KVM implementation for irqfds. The fix has been incorporated into various Linux kernel versions, including 6.8.0-50.51 for Ubuntu 24.04 LTS and corresponding versions for other distributions (Ubuntu).