Memory Corruption and Information Leak in Linux Kernel by Vendor
CVE-2024-52319

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 11 January 2025

What is CVE-2024-52319?

A vulnerability in the Linux kernel can lead to memory corruption or information leaks due to the handling of unaligned fault addresses within the hugetlb_no_page() function. When the fault address does not align correctly with the required huge page size, it can adversely affect system stability. The issue arises in the clear_gigantic_page() function, which requires proper alignment. This situation poses significant risks to system integrity and confidentiality, necessitating immediate attention and remediation.

Affected Version(s)

Linux 78fefd04c123493bbf28434768fa577b2153c79b

Linux 78fefd04c123493bbf28434768fa577b2153c79b < 8aca2bc96c833ba695ede7a45ad7784c836a262e

Linux 6.11

References

https://git.kernel.org/stable/c/b79b6fe0737f233f0be146505...

https://git.kernel.org/stable/c/8aca2bc96c833ba695ede7a45...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 11, 2025
Vulnerability Reserved
Jan 11, 2025