ID

VAR-202409-2104


CVE

CVE-2024-46745


TITLE

Linux  of  Linux Kernel  Vulnerability in resource allocation without restrictions or throttling in

Trust: 0.8

sources: JVNDB: JVNDB-2024-028463

DESCRIPTION

In the Linux kernel, the following vulnerability has been resolved: Input: uinput - reject requests with unreasonable number of slots When exercising uinput interface syzkaller may try setting up device with a really large number of slots, which causes memory allocation failure in input_mt_init_slots(). While this allocation failure is handled properly and request is rejected, it results in syzkaller reports. Additionally, such request may put undue burden on the system which will try to free a lot of memory for a bogus request. Fix it by limiting allowed number of slots to 100. This can easily be extended if we see devices that can track more than 100 contacts. Linux of Linux Kernel Exists in a vulnerability in resource allocation without restrictions or throttling.Service operation interruption (DoS) It may be in a state. The RUGGEDCOM RST2428P is a Layer 2 Ethernet switch based on SINEC OS with up to 28 non-blocking interfaces. SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLCs) and human-machine interfaces (HMIs). Multiple vulnerabilities exist in third-party components prior to SIEMENS SINEC OS V3.2. These vulnerabilities could be exploited to corrupt values, leading to undefined behavior or security issues

Trust: 2.16

sources: NVD: CVE-2024-46745 // JVNDB: JVNDB-2024-028463 // CNVD: CNVD-2025-19350

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-19350

AFFECTED PRODUCTS

vendor:linuxmodel:kernelscope:eqversion:6.11

Trust: 1.8

vendor:linuxmodel:kernelscope:gteversion:5.11

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:4.20

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:5.4.284

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:5.5

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:6.7

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:6.6.51

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:6.2

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:5.16

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:6.10.10

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:6.1.110

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:5.10.226

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:4.19.322

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:5.15.167

Trust: 1.0

vendor:linuxmodel:kernelscope:eqversion:4.20 that's all 5.4.284

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion:4.19.322

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion:6.7 that's all 6.10.10

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion:5.11 that's all 5.15.167

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion:6.2 that's all 6.6.51

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion: -

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion:5.16 that's all 6.1.110

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion:5.5 that's all 5.10.226

Trust: 0.8

vendor:siemensmodel:ruggedcom rst2428pscope:ltversion:v3.2

Trust: 0.6

vendor:siemensmodel:scalance xc-300/xr-300/xc-400/xr-500wg/xr-500 familyscope:ltversion:v3.2

Trust: 0.6

vendor:siemensmodel:scalance xcm-/xrm-/xch-/xrh-300 familyscope:ltversion:v3.2

Trust: 0.6

sources: CNVD: CNVD-2025-19350 // JVNDB: JVNDB-2024-028463 // NVD: CVE-2024-46745

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2024-46745
value: MEDIUM

Trust: 1.0

NVD: CVE-2024-46745
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2025-19350
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-19350
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2024-46745
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2024-46745
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-19350 // JVNDB: JVNDB-2024-028463 // NVD: CVE-2024-46745

PROBLEMTYPE DATA

problemtype:CWE-770

Trust: 1.0

problemtype:Allocation of resources without limits or throttling (CWE-770) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-028463 // NVD: CVE-2024-46745

PATCH

title:Linux Kernel Archivesurl:https://git.kernel.org/stable/c/206f533a0a7c683982af473079c4111f4a0f9f5e

Trust: 0.8

title:Patch for Multiple vulnerabilities exist in third-party components of SIEMENS SINEC OS V3.2 and earlierurl:https://www.cnvd.org.cn/patchInfo/show/723061

Trust: 0.6

sources: CNVD: CNVD-2025-19350 // JVNDB: JVNDB-2024-028463

EXTERNAL IDS

db:NVDid:CVE-2024-46745

Trust: 2.6

db:SIEMENSid:SSA-355557

Trust: 1.6

db:SIEMENSid:SSA-398330

Trust: 1.0

db:SIEMENSid:SSA-265688

Trust: 1.0

db:JVNid:JVNVU92169998

Trust: 0.8

db:ICS CERTid:ICSA-25-226-07

Trust: 0.8

db:JVNDBid:JVNDB-2024-028463

Trust: 0.8

db:CNVDid:CNVD-2025-19350

Trust: 0.6

sources: CNVD: CNVD-2025-19350 // JVNDB: JVNDB-2024-028463 // NVD: CVE-2024-46745

REFERENCES

url:https://cert-portal.siemens.com/productcert/html/ssa-355557.html

Trust: 1.6

url:https://git.kernel.org/stable/c/9c6d189f0c1c59ba9a32326ec82a0b367a3cd47b

Trust: 1.0

url:https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Trust: 1.0

url:https://git.kernel.org/stable/c/d76fc0f0b18d49b7e721c9e4975ef4bffde2f3e7

Trust: 1.0

url:https://git.kernel.org/stable/c/51fa08edd80003db700bdaa099385c5900d27f4b

Trust: 1.0

url:https://git.kernel.org/stable/c/a4858b00a1ec57043697fb935565fe267f161833

Trust: 1.0

url:https://cert-portal.siemens.com/productcert/html/ssa-265688.html

Trust: 1.0

url:https://git.kernel.org/stable/c/61df76619e270a46fd427fbdeb670ad491c42de2

Trust: 1.0

url:https://git.kernel.org/stable/c/206f533a0a7c683982af473079c4111f4a0f9f5e

Trust: 1.0

url:https://cert-portal.siemens.com/productcert/html/ssa-398330.html

Trust: 1.0

url:https://git.kernel.org/stable/c/597ff930296c4c8fc6b6a536884d4f1a7187ec70

Trust: 1.0

url:https://git.kernel.org/stable/c/9719687398dea8a6a12a10321a54dd75eec7ab2d

Trust: 1.0

url:https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html

Trust: 1.0

url:https://jvn.jp/vu/jvnvu92169998/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-46745

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07

Trust: 0.8

sources: CNVD: CNVD-2025-19350 // JVNDB: JVNDB-2024-028463 // NVD: CVE-2024-46745

SOURCES

db:CNVDid:CNVD-2025-19350
db:JVNDBid:JVNDB-2024-028463
db:NVDid:CVE-2024-46745

LAST UPDATE DATE

2026-06-19T21:42:15.290000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-19350date:2025-08-22T00:00:00
db:JVNDBid:JVNDB-2024-028463date:2025-10-06T08:55:00
db:NVDid:CVE-2024-46745date:2026-05-12T12:17:11.693

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-19350date:2025-08-12T00:00:00
db:JVNDBid:JVNDB-2024-028463date:2025-10-06T00:00:00
db:NVDid:CVE-2024-46745date:2024-09-18T08:15:03.667