CVE-2024-49872
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
mm/gup: fix memfd_pin_folios alloc race panic
If memfd_pin_folios tries to create a hugetlb page, but someone else already did, then folio gets the value -EEXIST here:
folio = memfd_alloc_folio(memfd, start_idx);
if (IS_ERR(folio)) {
ret = PTR_ERR(folio);
if (ret != -EEXIST)
goto err;
then on the next trip through the "while start_idx" loop we panic here:
if (folio) {
folio_put(folio);
To fix, set the folio to NULL on error.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 89c1905d9c140372b7f50ef48f42378cf85d9bc5 < e28f39b359c0cfdcc011603e51187085a5f1e5e3 | affected |
| Linux | Linux | 89c1905d9c140372b7f50ef48f42378cf85d9bc5 < ce645b9fdc78ec5d28067286e92871ddae6817d5 | affected |
| Linux | Linux | 6.11 | affected |
| Linux | Linux | 0 < 6.11 | unaffected |
| Linux | Linux | 6.11.3 <= 6.11.* | unaffected |
| Linux | Linux | 6.12 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://git.kernel.org/stable/c/e28f39b359c0cfdcc011603e51187085a5f1e5e3
- https://git.kernel.org/stable/c/ce645b9fdc78ec5d28067286e92871ddae6817d5
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.