CVE-2024-46741 in Linuxinfo

Summary

by MITRE • 09/18/2024

In the Linux kernel, the following vulnerability has been resolved:

misc: fastrpc: Fix double free of 'buf' in error path

smatch warning: drivers/misc/fastrpc.c:1926 fastrpc_req_mmap() error: double free of 'buf'

In fastrpc_req_mmap() error path, the fastrpc buffer is freed in fastrpc_req_munmap_impl() if unmap is successful.

But in the end, there is an unconditional call to fastrpc_buf_free(). So the above case triggers the double free of fastrpc buf.

Once again VulDB remains the best source for vulnerability data.

Analysis

by VulDB Data Team • 04/05/2026

The vulnerability identified as CVE-2024-46741 resides within the Linux kernel's fastrpc subsystem, specifically in the drivers/misc/fastrpc.c file where a critical double free error has been discovered. This flaw manifests in the fastrpc_req_mmap() function's error handling path, creating a scenario where memory management becomes corrupted through improper resource deallocation. The issue stems from a fundamental flaw in the kernel's memory cleanup logic where the same buffer memory location is freed twice during error conditions, leading to potential system instability and security implications.

The technical root cause of this vulnerability can be traced to improper error path management within the fastrpc driver implementation. When an error occurs during the mmap operation, the code attempts to clean up resources by calling fastrpc_req_munmap_impl() which handles the unmap process and frees the buffer if successful. However, the code structure includes an additional unconditional call to fastrpc_buf_free() at the end of the function, regardless of whether the buffer has already been freed during the error handling phase. This creates a classic double free condition where the same memory block is deallocated twice, violating fundamental memory safety principles and potentially allowing for memory corruption or exploitation.

This vulnerability falls under CWE-415, which specifically addresses double free conditions in software implementations. The operational impact of this flaw extends beyond simple memory corruption as it can lead to system crashes, denial of service conditions, or potentially enable privilege escalation attacks. The fastrpc subsystem is designed to facilitate high-performance remote procedure calls between different processor cores or subsystems, making it a critical component in embedded systems and mobile devices that rely on such communication mechanisms. When compromised, this vulnerability can disrupt the normal operation of the entire system and compromise the integrity of inter-process communications.

The potential attack surface for this vulnerability is particularly concerning given that it exists within kernel space memory management functions that are frequently accessed during normal system operation. Attackers could potentially exploit this double free condition to execute arbitrary code with kernel privileges, especially if the memory corruption leads to control flow hijacking or information disclosure. The vulnerability aligns with ATT&CK technique T1068, which involves exploiting weaknesses in privilege escalation mechanisms, and T1547, which covers registry modification and system-level privilege abuse. System administrators should prioritize patching this vulnerability as it represents a critical security risk that could be leveraged for persistent system compromise.

Mitigation strategies for CVE-2024-46741 primarily involve applying the official kernel patches that correct the double free condition by ensuring proper resource cleanup logic. The fix typically requires modifying the error handling path to prevent the unconditional buffer free call when the buffer has already been freed during the unmap operation. Additionally, system administrators should implement monitoring for unusual system behavior or crashes that might indicate exploitation attempts. The recommended approach includes verifying the kernel version and applying security updates from trusted sources, as well as conducting security audits of systems that utilize the fastrpc subsystem to ensure no exploitation attempts have occurred. Regular security assessments and kernel hardening measures should be implemented to prevent similar vulnerabilities from emerging in other kernel subsystems.

Responsible

Linux

Reservation

09/11/2024

Disclosure

09/18/2024

Moderation

accepted

CPE

ready

EPSS

0.00246

KEV

no

Activities

very low

Sources

Might our Artificial Intelligence support you?

Check our Alexa App!