Early Access — Mondoo Vulnerability Intelligence is currently in preview.

CVE-2024-49872

MEDIUM4.7

mm/gup: fix memfd_pin_folios alloc race panic

Published Oct 21, 2024

Modified 8 months ago

No fix available

Details

In the Linux kernel, the following vulnerability has been resolved:

mm/gup: fix memfd_pin_folios alloc race panic

If memfd_pin_folios tries to create a hugetlb page, but someone else already did, then folio gets the value -EEXIST here:

    folio = memfd_alloc_folio(memfd, start_idx);
    if (IS_ERR(folio)) {
            ret = PTR_ERR(folio);
            if (ret != -EEXIST)
                    goto err;

then on the next trip through the "while start_idx" loop we panic here:

    if (folio) {
            folio_put(folio);

To fix, set the folio to NULL on error.

References

WEBhttps://git.kernel.org/stable/c/ce645b9fdc78ec5d28067286e92871ddae6817d5 WEBhttps://git.kernel.org/stable/c/e28f39b359c0cfdcc011603e51187085a5f1e5e3 ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2024-49872

CVSS Analysis

CVSS v3.1

4.7

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

HighAC:H

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

NoneC:N

Integrity

NoneI:N

Availability

HighA:H

4.7/CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Ecosystems

Timeline

PublishedOct 21, 2024

ModifiedMay 4, 2025

CVE-2024-49872 | Mondoo Vulnerability Intelligence