CVE-2024-46784: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-46784 affects the Linux kernel's Microsoft Azure Network Adapter (MANA) driver. The vulnerability was discovered in September 2024 and involves improper error handling in the NAPI (New API) cleanup process within the mana_create_txq/rxq functions (Kernel Git).

The vulnerability occurs when napi_disable() is called during rxq and txq cleanup before NAPI is enabled and the hrtimer is initialized. This improper sequence causes a kernel panic due to accessing uninitialized timer structures. The issue affects Linux kernel versions from 5.15 up to 6.1.110, 6.2 up to 6.6.51, and 6.7 up to 6.10.10. The vulnerability has been assigned a CVSS v3.1 score indicating local access with low complexity and privilege requirements (NVD).

When exploited, this vulnerability can cause a kernel panic in systems using the MANA driver, leading to a denial of service condition. The impact is limited to local attacks and primarily affects systems running Microsoft Azure Network Adapter drivers (Kernel Git).

The vulnerability has been patched in the Linux kernel by adding proper initialization checks and fixing the NAPI cleanup sequence. The fix includes adding a napi_initialized flag and ensuring proper state validation before cleanup operations. Users should update to patched kernel versions: 6.1.110 or later for the 6.1 series, 6.6.51 or later for the 6.6 series, and 6.10.10 or later for the 6.10 series (NVD).