{
  "threat_severity" : "Moderate",
  "public_date" : "2024-09-13T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: ethtool: check device is present when getting link settings",
    "id" : "2312067",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2312067"
  },
  "cvss3" : {
    "cvss3_base_score" : "4.7",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-99",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nethtool: check device is present when getting link settings\nA sysfs reader can race with a device reset or removal, attempting to\nread device state when the device is not actually present. eg:\n[exception RIP: qed_get_current_link+17]\n#8 [ffffb9e4f2907c48] qede_get_link_ksettings at ffffffffc07a994a [qede]\n#9 [ffffb9e4f2907cd8] __rh_call_get_link_ksettings at ffffffff992b01a3\n#10 [ffffb9e4f2907d38] __ethtool_get_link_ksettings at ffffffff992b04e4\n#11 [ffffb9e4f2907d90] duplex_show at ffffffff99260300\n#12 [ffffb9e4f2907e38] dev_attr_show at ffffffff9905a01c\n#13 [ffffb9e4f2907e50] sysfs_kf_seq_show at ffffffff98e0145b\n#14 [ffffb9e4f2907e68] seq_read at ffffffff98d902e3\n#15 [ffffb9e4f2907ec8] vfs_read at ffffffff98d657d1\n#16 [ffffb9e4f2907f00] ksys_read at ffffffff98d65c3f\n#17 [ffffb9e4f2907f38] do_syscall_64 at ffffffff98a052fb\ncrash> struct net_device.state ffff9a9d21336000\nstate = 5,\nstate 5 is __LINK_STATE_START (0b1) and __LINK_STATE_NOCARRIER (0b100).\nThe device is not present, note lack of __LINK_STATE_PRESENT (0b10).\nThis is the same sort of panic as observed in commit 4224cfd7fb65\n(\"net-sysfs: add check for netdevice being present to speed_show\").\nThere are many other callers of __ethtool_get_link_ksettings() which\ndon't have a device presence check.\nMove this check into ethtool to protect all callers.", "A flaw was found in ethtool in the Linux kernel, where sysfs reader getting link settings can attempt to read the device state on a device that is not present, leading to a crash." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2024-11-05T00:00:00Z",
    "advisory" : "RHSA-2024:8856",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-553.27.1.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.2 Advanced Update Support",
    "release_date" : "2025-12-17T00:00:00Z",
    "advisory" : "RHSA-2025:23445",
    "cpe" : "cpe:/o:redhat:rhel_aus:8.2",
    "package" : "kernel-0:4.18.0-193.178.1.el8_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
    "release_date" : "2025-12-17T00:00:00Z",
    "advisory" : "RHSA-2025:23463",
    "cpe" : "cpe:/o:redhat:rhel_aus:8.4",
    "package" : "kernel-0:4.18.0-305.182.1.el8_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
    "release_date" : "2025-12-17T00:00:00Z",
    "advisory" : "RHSA-2025:23463",
    "cpe" : "cpe:/o:redhat:rhel_eus_long_life:8.4",
    "package" : "kernel-0:4.18.0-305.182.1.el8_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
    "release_date" : "2025-11-25T00:00:00Z",
    "advisory" : "RHSA-2025:22006",
    "cpe" : "cpe:/o:redhat:rhel_aus:8.6",
    "package" : "kernel-0:4.18.0-372.170.1.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
    "release_date" : "2025-11-25T00:00:00Z",
    "advisory" : "RHSA-2025:22006",
    "cpe" : "cpe:/o:redhat:rhel_tus:8.6",
    "package" : "kernel-0:4.18.0-372.170.1.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
    "release_date" : "2025-11-25T00:00:00Z",
    "advisory" : "RHSA-2025:22006",
    "cpe" : "cpe:/o:redhat:rhel_e4s:8.6",
    "package" : "kernel-0:4.18.0-372.170.1.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.8 Extended Update Support",
    "release_date" : "2024-10-15T00:00:00Z",
    "advisory" : "RHSA-2024:8107",
    "cpe" : "cpe:/o:redhat:rhel_eus:8.8",
    "package" : "kernel-0:4.18.0-477.75.1.el8_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-11-26T00:00:00Z",
    "advisory" : "RHSA-2024:10274",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-503.15.1.el9_5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-11-26T00:00:00Z",
    "advisory" : "RHSA-2024:10274",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-503.15.1.el9_5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
    "release_date" : "2025-11-25T00:00:00Z",
    "advisory" : "RHSA-2025:22095",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.2",
    "package" : "kernel-0:5.14.0-284.148.1.el9_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
    "release_date" : "2025-11-25T00:00:00Z",
    "advisory" : "RHSA-2025:22124",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.2::nfv",
    "package" : "kernel-rt-0:5.14.0-284.148.1.rt14.433.el9_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support",
    "release_date" : "2025-11-06T00:00:00Z",
    "advisory" : "RHSA-2025:19886",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.4",
    "package" : "kernel-0:5.14.0-427.97.1.el9_4"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Will not fix",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-46679\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-46679\nhttps://lore.kernel.org/linux-cve-announce/2024091336-CVE-2024-46679-3527@gregkh/T" ],
  "name" : "CVE-2024-46679",
  "csaw" : false
}