CVE-2024-46784 in Linux
Summary
by MITRE • 09/18/2024
In the Linux kernel, the following vulnerability has been resolved:
net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup
Currently napi_disable() gets called during rxq and txq cleanup, even before napi is enabled and hrtimer is initialized. It causes kernel panic.
? page_fault_oops+0x136/0x2b0 ? page_counter_cancel+0x2e/0x80 ? do_user_addr_fault+0x2f2/0x640 ? refill_obj_stock+0xc4/0x110 ? exc_page_fault+0x71/0x160 ? asm_exc_page_fault+0x27/0x30 ? __mmdrop+0x10/0x180 ? __mmdrop+0xec/0x180 ? hrtimer_active+0xd/0x50 hrtimer_try_to_cancel+0x2c/0xf0 hrtimer_cancel+0x15/0x30 napi_disable+0x65/0x90 mana_destroy_rxq+0x4c/0x2f0 mana_create_rxq.isra.0+0x56c/0x6d0 ? mana_uncfg_vport+0x50/0x50 mana_alloc_queues+0x21b/0x320 ? skb_dequeue+0x5f/0x80
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 04/06/2026
The vulnerability identified as CVE-2024-46784 resides within the Linux kernel's network driver implementation for the Microsoft Azure Network Adapter Mana driver. This flaw manifests in the improper handling of NAPI (Network API) cleanup operations during the creation and destruction of transmit and receive queues. The issue specifically affects the mana_create_txq and mana_create_rxq functions where the napi_disable() routine is invoked prematurely during queue cleanup processes, even before the NAPI subsystem has been properly initialized or enabled. This fundamental timing error creates a critical condition that can lead to system instability and complete kernel panic situations.
The technical root cause of this vulnerability stems from a race condition and improper state management within the driver's queue initialization and cleanup sequences. When the mana driver attempts to create transmit or receive queues, it follows a complex initialization path that includes setting up hardware resources, enabling NAPI subsystem components, and configuring high-resolution timers. However, during error scenarios or cleanup operations, the code path executes napi_disable() before the necessary prerequisites have been satisfied, including the initialization of the hrtimer subsystem that napi_disable() depends upon for proper operation. This violation of expected execution order creates a kernel panic condition that terminates the system's operation.
The operational impact of this vulnerability is severe and directly affects systems running Linux kernels with the Mana network driver enabled, particularly those deployed in Azure cloud environments where this driver is commonly used. The vulnerability can be triggered through normal network operations or during system stress conditions when queue allocation and deallocation occur frequently. The kernel panic resulting from this flaw renders affected systems completely unusable, requiring manual reboot to restore functionality. This makes the vulnerability particularly dangerous in production environments where system uptime is critical, as it can lead to unexpected service interruptions and potential data loss during the reboot process.
From a cybersecurity perspective, this vulnerability aligns with CWE-691, which addresses insufficient control flow management, and represents a classic example of improper error handling in kernel space operations. The flaw also maps to ATT&CK technique T1547.001, which involves establishing persistence through kernel modules, as compromised network drivers can serve as attack vectors for system compromise. The vulnerability's exploitation potential is significant since it can be triggered through normal network operations without requiring special privileges, making it an attractive target for attackers seeking to disrupt system availability. Organizations should immediately apply kernel patches addressing this issue and implement monitoring for potential kernel panic events that might indicate exploitation attempts.
The fix for this vulnerability requires careful modification of the queue creation and destruction logic to ensure proper state management before invoking napi_disable(). The solution must verify that NAPI has been properly enabled and that the hrtimer subsystem is initialized before attempting cleanup operations. This approach prevents the premature invocation of napi_disable() and eliminates the kernel panic condition while maintaining the driver's intended functionality. System administrators should prioritize applying the patched kernel versions and verify that network operations continue to function normally after the update, particularly in virtualized environments where the Mana driver is extensively utilized for Azure network connectivity.