| Title | Published | Views | Family |
|---|---|---|---|
| CVE-2024-47813 vulnerabilities | 9 Oct 2024 18:15 | – | cgr |
| CVE-2024-47813 | 9 Oct 2024 20:40 | – | circl |
| Wasmtime security vulnerability | 9 Oct 2024 00:00 | – | cnnvd |
| CVE-2024-47813 | 9 Oct 2024 18:07 | – | cve |
| CVE-2024-47813 Wasmtime race condition could lead to WebAssembly control-flow integrity and type safety violations | 9 Oct 2024 18:07 | – | cvelist |
| CVE-2024-47813 | 9 Oct 2024 18:07 | – | debiancve |
| EUVD-2024-2985 | 3 Oct 2025 20:07 | – | euvd |
| Wasmtime race condition could lead to WebAssembly control-flow integrity and type safety violations | 9 Oct 2024 19:14 | – | github |
| CVE-2024-47813 | 9 Oct 2024 18:15 | – | nvd |
| CGA-9M3R-W326-W2XR | 29 Jan 2026 00:45 | – | osv |

| Source | Link |
|---|---|
| ubuntu | www.ubuntu.com/security/CVE-2024-47813 |
| cve | www.cve.mitre.org/cgi-bin/cvename.cgi |

```
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');

if (description)
{
  script_id(250482);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/05/21");
  script_cve_id("CVE-2024-47813");
  script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2024-47813");
  script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
  script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.
- Wasmtime is an open source runtime for WebAssembly. Under certain concurrent event orderings, a
`wasmtime::Engine`'s internal type registry was susceptible to double-unregistration bugs due to a race
condition, leading to panics and potentially type registry corruption. That registry corruption could,
following an additional and particular sequence of concurrent events, lead to violations of WebAssembly's
control-flow integrity (CFI) and type safety. Users that do not use `wasmtime::Engine` across multiple
threads are not affected. Users that only create new modules across threads over time are additionally not
affected. Reproducing this bug requires creating and dropping multiple type instances (such as
`wasmtime::FuncType` or `wasmtime::ArrayType`) concurrently on multiple threads, where all types are
associated with the same `wasmtime::Engine`. **Wasm guests cannot trigger this bug.** See the References
section below for a list of Wasmtime types-related APIs that are affected. Wasmtime maintains an internal
registry of types within a `wasmtime::Engine` and an engine is shareable across threads. Types can be
created and referenced through creation of a `wasmtime::Module`, creation of `wasmtime::FuncType`, or a
number of other APIs where the host creates a function (see References below). Each of these cases
interacts with an engine to deduplicate type information and manage type indices that are used to
implement type checks in WebAssembly's `call_indirect` function, for example. This bug is a race condition
in this management where the internal type registry could be corrupted to trigger an assert or contain
invalid state. Wasmtime's internal representation of a type has individual types (e.g. one-per-host-
function) maintain a registration count of how many time it's been used. Types additionally have state
within an engine behind a read-write lock such as lookup/deduplication information. The race here is a
time-of-check versus time-of-use (TOCTOU) bug where one thread atomically decrements a type entry's
registration count, observes zero registrations, and then acquires a lock in order to unregister that
entry. However, between when this first thread observed the zero-registration count and when it acquires
that lock, another thread could perform the following sequence of events: re-register another copy of the
type, which deduplicates to that same entry, resurrecting it and incrementing its registration count; then
drop the type and decrement its registration count; observe that the registration count is now zero;
acquire the type registry lock; and finally unregister the type. Now, when the original thread finally
acquires the lock and unregisters the entry, it is the second time this entry has been unregistered. This
bug was originally introduced in Wasmtime 19's development of the WebAssembly GC proposal. This bug
affects users who are not using the GC proposal, however, and affects Wasmtime in its default
configuration even when the GC proposal is disabled. Wasmtime users using 19.0.0 and after are all
affected by this issue. We have released the following Wasmtime versions, all of which have a fix for this
bug: * 21.0.2 * 22.0.1 * 23.0.3 * 24.0.1 * 25.0.2. If your application creates and drops Wasmtime types on
multiple threads concurrently, there are no known workarounds. Users are encouraged to upgrade to a
patched release. (CVE-2024-47813)
Note that Nessus relies on the presence of the package as reported by the vendor.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/CVE-2024-47813");
  script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:U/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:U/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-47813");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");
  script_set_attribute(attribute:"vuln_publication_date", value:"2024/10/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/08/18");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:24.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:25.04");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:25.10");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:rust-wasmtime");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();
  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");
  script_copyright(english:"This script is Copyright (C) 2025-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_dependencies("ssh_get_info2.nasl", "set_linux_os_id.nasl");
  script_require_keys("Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched", "Host/OS/identifier");
  script_require_ports("Host/OS/Ubuntu Linux-24.04", "Host/OS/Ubuntu Linux-25.04", "Host/OS/Ubuntu Linux-25.10");
  exit(0);
}

if (!get_kb_item("global_settings/vendor_unpatched")) exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (empty_or_null(get_one_kb_item("Host/Debian/dpkg-l"))) audit(AUDIT_PACKAGE_LIST_MISSING);

include('linux_unpatched.inc');

var distro_constraints_array = {
  "Ubuntu Linux-24.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "24.04",
        "pkgs": [
          {"reference": "rust-wasmtime"}
        ]
      }
    ]
  },
  "Ubuntu Linux-25.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "25.04",
        "pkgs": [
          {"reference": "rust-wasmtime"}
        ]
      }
    ]
  },
  "Ubuntu Linux-25.10": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "25.10",
        "pkgs": [
          {"reference": "rust-wasmtime"}
        ]
      }
    ]
  }
};

var distro_constraints_values = linux_unpatched::get_distro_constraints(distro_constraints_arr:distro_constraints_array);
if (empty_or_null(distro_constraints_values)) audit(AUDIT_HOST_NOT, 'affected');

var report = linux_unpatched::check_unpatched_constraints(distro_constraints_values:distro_constraints_values);
if (!empty_or_null(report))
{
  security_report_v4(
    port : 0,
    severity : SECURITY_NOTE,
    extra : report
  );
  exit(0);
}
else
{
  audit(AUDIT_HOST_NOT, 'affected');
}
```