Fix for iov_iter vulnerability in Linux kernel
CVE-2024-50222

7.8 HIGH

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 9 November 2024

What is CVE-2024-50222?

A vulnerability has been identified in the Linux kernel that affects the handling of high memory on x86_32 architectures built with the CONFIG_DEBUG_KMAP_LOCAL_FORCE_MAP configuration option. The issue arises in the copy_page_from_iter_atomic() function, which can lead to a system hang when managing memory in certain circumstances with tmpfs setups. The hang occurs under specific conditions in which a warning is triggered, indicating a failure to manage memory resources efficiently. The ongoing discussion also raises the question of whether the CONFIG_DEBUG_KMAP_LOCAL_FORCE_MAP option continues to serve a valuable purpose or should be deprecated altogether.
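To triage a fleet against the conditions named above, the following added example (not code from the kernel project or this advisory) checks a kernel `.config` for the three build options the description mentions. It assumes all three must be built in (`=y`) and does not test whether the running kernel already contains the fix; the function names and sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks a kernel .config for the build options named in the
# CVE-2024-50222 description. It does NOT detect whether the fix is applied.

# Return 0 if CONFIG_<symbol> is built in (=y) in the given config file.
kconfig_enabled() {
    grep -q "^CONFIG_$2=y\$" "$1"
}

# Print "exposed-config" or "not-exposed-config: <first missing option>".
cve_2024_50222_config_status() {
    cfg=$1
    [ -r "$cfg" ] || { echo "unknown: cannot read $cfg"; return 2; }
    for sym in X86_32 DEBUG_KMAP_LOCAL_FORCE_MAP TMPFS; do
        if ! kconfig_enabled "$cfg" "$sym"; then
            echo "not-exposed-config: CONFIG_$sym is not set"
            return 1
        fi
    done
    echo "exposed-config"
    return 0
}

# Constructed sample configs (not taken from any real system).
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
cat > "$sample_dir/debug32.config" <<'EOF'
CONFIG_X86_32=y
CONFIG_HIGHMEM=y
CONFIG_TMPFS=y
CONFIG_DEBUG_KMAP_LOCAL_FORCE_MAP=y
EOF
cat > "$sample_dir/distro64.config" <<'EOF'
CONFIG_X86_64=y
CONFIG_TMPFS=y
# CONFIG_DEBUG_KMAP_LOCAL_FORCE_MAP is not set
EOF

for f in "$sample_dir"/*.config; do
    printf '%s: %s\n' "${f##*/}" "$(cve_2024_50222_config_status "$f")"
done
```

On a live host the same function can be pointed at the installed config file, for example `/boot/config-$(uname -r)` where the distribution ships one.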

Affected Version(s)

Linux 908a1ad89466c1febf20bfe0037b84fc66f8a3f8 < 4f7ffa83fa79dd52efbaef366c850aaaae06a469

Linux 908a1ad89466c1febf20bfe0037b84fc66f8a3f8 < 3a303409f271dfe0987b8f79595138340497a32d

Linux 908a1ad89466c1febf20bfe0037b84fc66f8a3f8

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved