5.5

CVE-2024-40948

mm/page_table_check: fix crash on ZONE_DEVICE

In the Linux kernel, the following vulnerability has been resolved:

mm/page_table_check: fix crash on ZONE_DEVICE

Not all pages may apply to pgtable check.  One example is ZONE_DEVICE
pages: they map PFNs directly, and they don't allocate page_ext at all
even if there's struct page around.  One may reference
devm_memremap_pages().

When both ZONE_DEVICE and page-table-check enabled, then try to map some
dax memories, one can trigger kernel bug constantly now when the kernel
was trying to inject some pfn maps on the dax device:

 kernel BUG at mm/page_table_check.c:55!

While it's pretty legal to use set_pxx_at() for ZONE_DEVICE pages for page
fault resolutions, skip all the checks if page_ext doesn't even exist in
pgtable checker, which applies to ZONE_DEVICE but maybe more.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.17 < 6.1.96
LinuxLinux Kernel Version >= 6.2 < 6.6.36
LinuxLinux Kernel Version >= 6.7 < 6.9.7
LinuxLinux Kernel Version6.10 Updaterc1
LinuxLinux Kernel Version6.10 Updaterc2
LinuxLinux Kernel Version6.10 Updaterc3
LinuxLinux Kernel Version6.10 Updaterc4
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.25% 0.159
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/51897f99351fff7b57f4f141940fa93b4e90fd2b
Patch
https://git.kernel.org/stable/c/84d3549d54f5ff9fa3281257be3019386f51d1a0
Patch
https://git.kernel.org/stable/c/8bb592c2eca8fd2bc06db7d80b38da18da4a2f43
Patch
https://git.kernel.org/stable/c/dec2382247860d2134c8d41e103e26460c099629
Patch
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html