Memory Management Flaw in Linux Kernel Affecting Sparse Memory Configuration
CVE-2024-57881

5.5MEDIUM

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 11 January 2025

What is CVE-2024-57881?

A memory management vulnerability exists in the Linux kernel related to the handling of page frame numbers (PFNs) within the split_large_buddy() function. In certain scenarios, especially when freeing the highest pageblock in the last memory section with specific configuration settings enabled, the system may incorrectly call pfn_to_page() on a PFN that could potentially not exist. This can lead to null pointer dereference issues, posing risks to system stability and security. A code inspection revealed this flaw, prompting an immediate fix that skips unnecessary calls to pfn_to_page() when the page is already accessible. Users are advised to update to secure versions promptly.

Affected Version(s)

Linux fd919a85cd55be5d00a6a7372071f44c8eafb825 < 4234ca9884bcae9e48ed38652d91696ad5cd591d

Linux fd919a85cd55be5d00a6a7372071f44c8eafb825

Linux 6.10

References

https://git.kernel.org/stable/c/4234ca9884bcae9e48ed38652...

https://git.kernel.org/stable/c/faeec8e23c10bd30e8aa759a2...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 11, 2025
Vulnerability Reserved
Jan 11, 2025