CVE-2024-46832: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-46832 is a vulnerability in the Linux kernel's MIPS architecture implementation, specifically in the clock event handling for R4K processors. The issue was discovered and reported by Serge Semin, with the vulnerability being publicly disclosed on September 27, 2024. The vulnerability affects multiple versions of the Linux kernel, including versions up to 5.10.226, from 5.11 to 5.15.167, from 5.16 to 6.1.110, from 6.2 to 6.6.51, and version 6.7 and above (NVD).

The vulnerability stems from an improper implementation in the MIPS clock event handling (cevt-r4k) where getc0compare_int is called when the timer IRQ is already installed. This causes a warning message indicating a BUG condition: 'sleeping function called from invalid context at kernel/locking/mutex.c:283' on secondary CPU. The issue has been assigned a CVSS v3.1 base score of 5.5 (Medium) with a vector string of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability can lead to system instability when the affected code path is triggered on secondary CPUs in MIPS-based systems. The CVSS scoring indicates that while there is no impact on confidentiality or integrity, there is a high impact on system availability (NVD).

The vulnerability has been patched in the Linux kernel. The fix involves restructuring the code to avoid calling getc0compareint if the timer IRQ is already installed. Additionally, the IRQ number storage in the clockevent_device structure has been removed as it was determined to be unnecessary for CPU local devices. Multiple Linux distributions have released updated kernel versions containing the fix (Kernel Patch).