CVE-2024-26947
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
ARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses
Since commit a4d5613c4dc6 ("arm: extend pfn_valid to take into account freed memory map alignment") changes the semantics of pfn_valid() to check presence of the memory map for a PFN. A valid page for an address which is reserved but not mapped by the kernel1, the system crashed during some uio test with the following memory layout:
node 0: [mem 0x00000000c0a00000-0x00000000cc8fffff] node 0: [mem 0x00000000d0000000-0x00000000da1fffff] the uio layout is:0xc0900000, 0x100000
the crash backtrace like:
Unable to handle kernel paging request at virtual address bff00000 […] CPU: 1 PID: 465 Comm: startapp.bin Tainted: G O 5.10.0 #1 Hardware name: Generic DT based system PC is at b15_flush_kern_dcache_area+0x24/0x3c LR is at __sync_icache_dcache+0x6c/0x98 […] (b15_flush_kern_dcache_area) from (__sync_icache_dcache+0x6c/0x98) (__sync_icache_dcache) from (set_pte_at+0x28/0x54) (set_pte_at) from (remap_pfn_range+0x1a0/0x274) (remap_pfn_range) from (uio_mmap+0x184/0x1b8 [uio]) (uio_mmap [uio]) from (__mmap_region+0x264/0x5f4) (__mmap_region) from (__do_mmap_mm+0x3ec/0x440) (__do_mmap_mm) from (do_mmap+0x50/0x58) (do_mmap) from (vm_mmap_pgoff+0xfc/0x188) (vm_mmap_pgoff) from (ksys_mmap_pgoff+0xac/0xc4) (ksys_mmap_pgoff) from (ret_fast_syscall+0x0/0x5c) Code: e0801001 e2423001 e1c00003 f57ff04f (ee070f3e) —[ end trace 09cf0734c3805d52 ]— Kernel panic - not syncing: Fatal exception
So check if PG_reserved was set to solve this issue.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | a4d5613c4dc6d413e0733e37db9d116a2a36b9f3 < 0c027c2bad7f5111c51a358b5d392e1a695dabff | affected |
| Linux | Linux | a4d5613c4dc6d413e0733e37db9d116a2a36b9f3 < 9f7ddc222cae8254e93d5c169a8ae11a49d912a7 | affected |
| Linux | Linux | a4d5613c4dc6d413e0733e37db9d116a2a36b9f3 < fb3a122a978626b33de3367ee1762da934c0f512 | affected |
| Linux | Linux | a4d5613c4dc6d413e0733e37db9d116a2a36b9f3 < 0c66c6f4e21cb22220cbd8821c5c73fc157d20dc | affected |
| Linux | Linux | 6026d4032dbbe3d7f4ac2c8daa923fe74dcf41c4 | affected |
| Linux | Linux | 65c578935bcc26ddc04e6757b2c7be95bf235b31 | affected |
| Linux | Linux | 5.4.167 < 5.5 | affected |
| Linux | Linux | 5.10.87 < 5.11 | affected |
| Linux | Linux | 5.14 | affected |
| Linux | Linux | 0 < 5.14 | unaffected |
| Linux | Linux | 6.6.24 <= 6.6.* | unaffected |
| Linux | Linux | 6.7.12 <= 6.7.* | unaffected |
| Linux | Linux | 6.8.3 <= 6.8.* | unaffected |
| Linux | Linux | 6.9 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://git.kernel.org/stable/c/0c027c2bad7f5111c51a358b5d392e1a695dabff
- https://git.kernel.org/stable/c/9f7ddc222cae8254e93d5c169a8ae11a49d912a7
- https://git.kernel.org/stable/c/fb3a122a978626b33de3367ee1762da934c0f512
- https://git.kernel.org/stable/c/0c66c6f4e21cb22220cbd8821c5c73fc157d20dc
References
- https://git.kernel.org/stable/c/0c027c2bad7f5111c51a358b5d392e1a695dabff
- https://git.kernel.org/stable/c/9f7ddc222cae8254e93d5c169a8ae11a49d912a7
- https://git.kernel.org/stable/c/fb3a122a978626b33de3367ee1762da934c0f512
- https://git.kernel.org/stable/c/0c66c6f4e21cb22220cbd8821c5c73fc157d20dc
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.