ghsa-7x5p-5275-mmvg
Vulnerability from github
Published
2025-01-11 18:30
Modified
2025-01-16 15:32
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details

In the Linux kernel, the following vulnerability has been resolved:

mm/page_alloc: don't call pfn_to_page() on possibly non-existent PFN in split_large_buddy()

In split_large_buddy(), we might call pfn_to_page() on a PFN that might not exist. In corner cases, such as when freeing the highest pageblock in the last memory section, this could result with CONFIG_SPARSEMEM && !CONFIG_SPARSEMEM_EXTREME in __pfn_to_section() returning NULL and and __section_mem_map_addr() dereferencing that NULL pointer.

Let's fix it, and avoid doing a pfn_to_page() call for the first iteration, where we already have the page.

So far this was found by code inspection, but let's just CC stable as the fix is easy.

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2024-57881"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-11T16:15:24Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/page_alloc: don\u0027t call pfn_to_page() on possibly non-existent PFN in split_large_buddy()\n\nIn split_large_buddy(), we might call pfn_to_page() on a PFN that might\nnot exist.  In corner cases, such as when freeing the highest pageblock in\nthe last memory section, this could result with CONFIG_SPARSEMEM \u0026\u0026\n!CONFIG_SPARSEMEM_EXTREME in __pfn_to_section() returning NULL and and\n__section_mem_map_addr() dereferencing that NULL pointer.\n\nLet\u0027s fix it, and avoid doing a pfn_to_page() call for the first\niteration, where we already have the page.\n\nSo far this was found by code inspection, but let\u0027s just CC stable as the\nfix is easy.",
  "id": "GHSA-7x5p-5275-mmvg",
  "modified": "2025-01-16T15:32:09Z",
  "published": "2025-01-11T18:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57881"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4234ca9884bcae9e48ed38652d91696ad5cd591d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/faeec8e23c10bd30e8aa759a2eb3018dae00f924"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.