LiveActive security incident?Get immediate response
CVE Record

CVE-2024-46761: pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv

In the Linux kernel, the following vulnerability has been resolved: pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv The hotplug driver for powerpc (pci/hotplug/pnv_php.c) causes a kernel crash when we try to hot-unplug/disable the PCIe switch/bridge from the PHB. The crash occurs because although the MSI data structure has been released during disable/hot-unplug path and it has been assigned with NULL, still during unregistration the code was again trying to explicitly disable the MSI which causes the NULL pointer dereference and kernel crash. The patch fixes the check during unregistration path to prevent invoking pci_disable_msi/msix() since its data structure is already freed.

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysismoderate

Security readout for executives and security teams

Plain-English summary

This is a Linux kernel crash bug affecting a narrow class of PowerNV powerpc systems during PCIe hot-unplug or disable operations. If triggered, the host can crash. The sources do not show remote exploitation, active exploitation, or a complete severity score.

Executive priority

Treat as a targeted availability risk, not a broad internet-facing emergency. Patch affected PowerNV Linux hosts during normal maintenance, sooner for systems where PCIe hotplug is operationally important.

Technical view

The PowerNV PCI hotplug driver can dereference a NULL MSI/MSI-X structure during unregistration after disable or hot-unplug already freed it. The stable kernel patch prevents calling pci_disable_msi/msix when the data structure is already released.

Likely exposure

Exposure appears limited to Linux systems on PowerNV powerpc hardware using the pnv_php PCI hotplug path, especially hosts where PCIe switches or bridges may be hot-unplugged or disabled.

Exploitation context

CISA KEV status is false in the supplied bundle. The cited sources describe a crash condition during hotplug handling, but do not provide evidence of active exploitation or a remote attack path.

Researcher notes

The affected data comes from the CVE record and stable kernel references. Version ranges are unusual in the bundle and should be reconciled against actual distro kernel builds before declaring systems vulnerable or fixed.

Mitigation direction

  • Apply Linux kernel updates containing the referenced stable fixes.
  • Follow distribution advisories, including Debian LTS where applicable.
  • Prioritize PowerNV hosts that rely on PCIe hotplug operations.
  • If no update is available, check vendor guidance before using operational workarounds.

Validation and detection

  • Inventory PowerNV powerpc Linux systems and kernel versions.
  • Check whether the running kernel includes the referenced stable fix commit.
  • Review kernel logs for crashes around PCIe hot-unplug or bridge disable events.
  • Confirm distribution kernels are updated according to vendor advisories.
Prepared
Confidence
medium
Sources
11

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2024-46761 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
2ADP providers
10Source links

SSVC decision data

CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: noneAutomatable: noTechnical Impact: partial

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CISA-ADPCISA ADP Vulnrichment
other:ssvc
CVECVE Program Container
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinux49f4b08e61547a5ccd2db551d994c4503efe5666, 49f4b08e61547a5ccd2db551d994c4503efe5666, 49f4b08e61547a5ccd2db551d994c4503efe5666, 49f4b08e61547a5ccd2db551d994c4503efe5666, 49f4b08e61547a5ccd2db551d994c4503efe5666, 49f4b08e61547a5ccd2db551d994c4503efe5666, 49f4b08e61547a5ccd2db551d994c4503efe5666, 49f4b08e61547a5ccd2db551d994c4503efe5666, 1fb738a3dc1304250c755e5e31715137c1c44c50, bc4c9766324a7e9fda48de58691796430c8511bf, 4.9.14, 4.10.2unaffected
LinuxLinux4.11, 0, 4.19.322, 5.4.284, 5.10.226, 5.15.167, 6.1.110, 6.6.51, 6.10.10, 6.11affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.