5.5
CVE-2024-36000
- EPSS 0.23%
- Veröffentlicht 20.05.2024 10:15:14
- Zuletzt bearbeitet 23.09.2025 18:23:11
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
mm/hugetlb: fix missing hugetlb_lock for resv uncharge
In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix missing hugetlb_lock for resv uncharge There is a recent report on UFFDIO_COPY over hugetlb: https://lore.kernel.org/all/000000000000ee06de0616177560@google.com/ 350: lockdep_assert_held(&hugetlb_lock); Should be an issue in hugetlb but triggered in an userfault context, where it goes into the unlikely path where two threads modifying the resv map together. Mike has a fix in that path for resv uncharge but it looks like the locking criteria was overlooked: hugetlb_cgroup_uncharge_folio_rsvd() will update the cgroup pointer, so it requires to be called with the lock held.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 5.9.7 < 5.10
Linux ≫ Linux Kernel Version >= 5.10.1 < 6.1.91
Linux ≫ Linux Kernel Version >= 6.2 < 6.6.30
Linux ≫ Linux Kernel Version >= 6.7 < 6.8.9
Linux ≫ Linux Kernel Version5.10 Update-
Linux ≫ Linux Kernel Version5.10 Updaterc3
Linux ≫ Linux Kernel Version5.10 Updaterc4
Linux ≫ Linux Kernel Version5.10 Updaterc5
Linux ≫ Linux Kernel Version5.10 Updaterc6
Linux ≫ Linux Kernel Version5.10 Updaterc7
Linux ≫ Linux Kernel Version6.9 Updaterc1
Linux ≫ Linux Kernel Version6.9 Updaterc2
Linux ≫ Linux Kernel Version6.9 Updaterc3
Linux ≫ Linux Kernel Version6.9 Updaterc4
Linux ≫ Linux Kernel Version6.9 Updaterc5
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.23% | 0.128 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-617 Reachable Assertion
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
https://git.kernel.org/stable/c/4c806333efea1000a2a9620926f560ad2e1ca7cc
https://git.kernel.org/stable/c/538faabf31e9c53d8c870d114846fda958a0de10
https://git.kernel.org/stable/c/b76b46902c2d0395488c8412e1116c2486cdfcb2
https://git.kernel.org/stable/c/f6c5d21db16a0910152ec8aa9d5a7aed72694505