CVE-2024-49872

Summary

In the Linux kernel, the following vulnerability has been resolved:

mm/gup: fix memfd_pin_folios alloc race panic

If memfd_pin_folios tries to create a hugetlb page, but someone else already did, then folio gets the value -EEXIST here:

    folio = memfd_alloc_folio(memfd, start_idx);
    if (IS_ERR(folio)) {
            ret = PTR_ERR(folio);
            if (ret != -EEXIST)
                    goto err;

then on the next trip through the "while start_idx" loop we panic here:

    if (folio) {
            folio_put(folio);

To fix, set the folio to NULL on error.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux89c1905d9c140372b7f50ef48f42378cf85d9bc5 < e28f39b359c0cfdcc011603e51187085a5f1e5e3affected
LinuxLinux89c1905d9c140372b7f50ef48f42378cf85d9bc5 < ce645b9fdc78ec5d28067286e92871ddae6817d5affected
LinuxLinux6.11affected
LinuxLinux0 < 6.11unaffected
LinuxLinux6.11.3 <= 6.11.*unaffected
LinuxLinux6.12 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References