Vulnerability Details CVE-2024-49872
In the Linux kernel, the following vulnerability has been resolved:
mm/gup: fix memfd_pin_folios alloc race panic
If memfd_pin_folios tries to create a hugetlb page, but someone else
already did, then folio gets the value -EEXIST here:
folio = memfd_alloc_folio(memfd, start_idx);
if (IS_ERR(folio)) {
ret = PTR_ERR(folio);
if (ret != -EEXIST)
goto err;
then on the next trip through the "while start_idx" loop we panic here:
if (folio) {
folio_put(folio);
To fix, set the folio to NULL on error.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 3.7%
CVSS Severity
CVSS v3 Score 4.7
References
Products affected by CVE-2024-49872
-
cpe:2.3:o:linux:linux_kernel:6.11
-
cpe:2.3:o:linux:linux_kernel:6.11.1
-
cpe:2.3:o:linux:linux_kernel:6.11.2