CVE-2024-46800

Updated: 2026-02-27 02:23:51.810341

Description:

In the Linux kernel, the following vulnerability has been resolved:

sch/netem: fix use after free in netem_dequeue

If netem_dequeue() enqueues packet to inner qdisc and that qdisc returns __NET_XMIT_STOLEN, the packet is dropped but qdisc_tree_reduce_backlog() is not called to update the parent's q.qlen, leading to the similar use-after-free as Commit e04991a48dbaf382 ("netem: fix return value if duplicate enqueue fails")

Commands to trigger KASAN UaF:

    ip link add type dummy
    ip link set lo up
    ip link set dummy0 up
    tc qdisc add dev lo parent root handle 1: drr
    tc filter add dev lo parent 1: basic classid 1:1
    tc class add dev lo classid 1:1 drr
    tc qdisc add dev lo parent 1:1 handle 2: netem
    tc qdisc add dev lo parent 2: handle 3: drr
    tc filter add dev lo parent 3: basic classid 3:1 action mirred egress redirect dev dummy0
    tc class add dev lo classid 3:1 drr
    ping -c1 -W0.01 localhost # Trigger bug
    tc class del dev lo classid 1:1
    tc class add dev lo classid 1:1 drr
    ping -c1 -W0.01 localhost # UaF
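A toy model of the accounting mismatch described above, added here as an illustration; it is not kernel code and not the upstream patch. The struct, the function names and the `fixed` flag are assumptions made for the model; only qdisc_tree_reduce_backlog(), q.qlen and __NET_XMIT_STOLEN come from the description.

```c
#include <stdio.h>

/* Toy model, not kernel code: a qdisc is a packet counter with a parent. */
enum verdict { XMIT_SUCCESS, XMIT_STOLEN }; /* stand-ins for the kernel codes */

struct qdisc {
    struct qdisc *parent;
    unsigned int qlen;
};

/* Stand-in for qdisc_tree_reduce_backlog(): tell every ancestor that
 * n packets it still counts are gone. */
static void tree_reduce_backlog(struct qdisc *sch, unsigned int n)
{
    for (struct qdisc *p = sch->parent; p; p = p->parent)
        p->qlen -= n;
}

/* netem moves one delayed packet into its inner qdisc. Returns 1 if the
 * packet survives and is handed up to the parent, 0 if it was stolen. */
static int netem_dequeue_model(struct qdisc *netem, enum verdict inner, int fixed)
{
    if (netem->qlen == 0)
        return 0;
    netem->qlen--;
    if (inner == XMIT_STOLEN) {
        if (fixed) /* the step the description says was missing */
            tree_reduce_backlog(netem, 1);
        return 0;
    }
    return 1;
}

/* Queue one packet through root -> netem, dequeue once, return the root's
 * qlen. Non-zero means the root counts a packet that no longer exists. */
static unsigned int root_qlen_after(enum verdict inner, int fixed)
{
    struct qdisc root = { NULL, 0 }, netem = { &root, 0 };
    netem.qlen++; root.qlen++;          /* enqueue: both levels count it */
    if (netem_dequeue_model(&netem, inner, fixed))
        root.qlen--;                    /* normal dequeue by the parent */
    return root.qlen;
}

int main(void)
{
    printf("stolen, unfixed: root qlen = %u\n", root_qlen_after(XMIT_STOLEN, 0));
    printf("stolen, fixed:   root qlen = %u\n", root_qlen_after(XMIT_STOLEN, 1));
    return 0;
}
```

The non-zero count in the unfixed case is the stale parent q.qlen that the description identifies as the cause of the use-after-free.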


Links NIST CIRCL RHEL Ubuntu

Severity

| | Severity | Score |
|---|---|---|
| CVSS Version 2.x | | 0.0 |
| CVSS Version 3.x | HIGH | 7.8 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | kernel | 5.14.0 | 7.8 | HIGH | Released | CLSA-2025:1743193221 | 2024-10-21 17:30:27 | |
| CentOS 7 ELS | kernel | 3.10.0 | 7.8 | HIGH | Released | CLSA-2024:1727692412 | 2024-10-14 17:32:58 | |
| CentOS 8.4 ELS | kernel | 4.18.0 | 7.8 | HIGH | Released | CLSA-2024:1727690947 | 2024-09-30 10:48:06 | |
| CentOS 8.5 ELS | kernel | 4.18.0 | 7.8 | HIGH | Released | CLSA-2024:1727690025 | 2024-09-30 10:48:07 | |
| CentOS Stream 8 ELS | kernel | 4.18.0 | 7.8 | HIGH | Released | CLSA-2024:1729874131 | 2024-10-25 14:32:56 | |
| CloudLinux 7 ELS | kernel | 3.10.0 | 7.8 | HIGH | Ignored | | 2025-01-10 22:43:35 | CloudLinux 6 and 7 support is limited and provided on demand. We strongly recommend upgrading to Clo... |
| Oracle Linux 7 ELS | kernel | 3.10.0 | 7.8 | HIGH | Released | CLSA-2025:1742322442 | 2025-03-25 03:29:34 | |
| Oracle Linux 7 ELS | kernel-uek | 5.4.17 | 7.8 | HIGH | Already Fixed | | 2026-02-04 01:40:54 | |
| RHEL 7 ELS | kernel | 3.10.0 | 7.8 | HIGH | Released | CLSA-2025:1750353839 | 2025-06-20 04:47:11 | |
| Ubuntu 16.04 ELS | linux-hwe | 4.15.0 | 7.8 | HIGH | Released | CLSA-2024:1728584752 | 2024-10-10 14:29:03 | |
Total: 12