LiveActive security incident?Get immediate response
CVE Record

CVE-2024-46826: ELF: fix kernel.randomize_va_space double read

In the Linux kernel, the following vulnerability has been resolved: ELF: fix kernel.randomize_va_space double read ELF loader uses "randomize_va_space" twice. It is sysctl and can change at any moment, so 2 loads could see 2 different values in theory with unpredictable consequences. Issue exactly one load for consistent value across one exec.

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysisunknown

Security readout for executives and security teams

Plain-English summary

This is a Linux kernel correctness issue in how the ELF program loader reads ASLR configuration during process startup. The source says the value could change between two reads, causing inconsistent behavior. No CVSS score, CWE, concrete impact, or active exploitation evidence is provided.

Executive priority

Treat as routine kernel maintenance unless vendor guidance raises severity for your distribution. There is no source-backed evidence of active exploitation, but kernel fixes should not be deferred indefinitely on shared or exposed systems.

Technical view

The ELF loader read the sysctl kernel.randomize_va_space twice during exec. Because sysctl values can change at runtime, one exec path could theoretically observe two different ASLR settings. The fix changes the loader to read the setting once and reuse that consistent value.

Likely exposure

Exposure is limited to systems running affected Linux kernel versions or downstream packages that had not incorporated the referenced stable fixes. Distribution-specific exposure requires checking the installed kernel package against vendor advisories, such as Debian LTS guidance.

Exploitation context

The bundle does not cite KEV listing, public exploitation, exploit code, or demonstrated impact. The described issue is a race or consistency flaw with unpredictable consequences, not a clearly documented remote or local privilege escalation.

Researcher notes

The core issue is consistency across a single exec, not the ASLR policy value itself. Evidence is sparse: no CVSS, CWE, proof of exploitability, or impact class is included. Focus validation on patch presence rather than exploit reproduction.

Mitigation direction

  • Apply Linux kernel updates from the operating system vendor.
  • Check whether vendor kernels include the referenced stable commits.
  • Prioritize internet-facing and multi-user Linux systems in normal patch cycles.
  • Review Debian LTS advisory if using affected Debian packages.

Validation and detection

  • Inventory Linux kernel versions across servers, containers hosts, and appliances.
  • Compare installed kernels against distribution security advisories and fixed packages.
  • Confirm kernel.randomize_va_space remains managed by approved hardening policy.
  • Verify patched hosts rebooted into the updated kernel.
Prepared
Confidence
medium
Sources
7

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2024-46826 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
2ADP providers
6Source links

SSVC decision data

CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: noneAutomatable: noTechnical Impact: partial

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CISA-ADPCISA ADP Vulnrichment
other:ssvc
CVECVE Program Container
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinux32a932332c8bad842804842eaf9651ad6268e637, 32a932332c8bad842804842eaf9651ad6268e637, 32a932332c8bad842804842eaf9651ad6268e637, 32a932332c8bad842804842eaf9651ad6268e637unaffected
LinuxLinux2.6.25, 0, 6.1.110, 6.6.51, 6.10.10, 6.11affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.