In the Linux kernel, the following vulnerability has been resolved:
mm: turn folio_test_hugetlb into a PageType
The current folio_test_hugetlb() can be fooled by a concurrent folio split into returning true for a folio which has never belonged to hugetlbfs. This can't happen if the caller holds a refcount on it, but we have a few places (memory-failure, compaction, procfs) which do not and should not take a speculative reference.
Since hugetlb pages do not use individual page mapcounts (they are always fully mapped and use the entire_mapcount field to record the number of mappings), the PageType field is available now that page_mapcount() ignores the value in this field.
In compaction and with CONFIG_DEBUG_VM enabled, the current implementation can result in an oops, as reported by Luis. This happens since 9c5ccf2db04b ("mm: remove HUGETLB_PAGE_DTOR") effectively added some VM_BUG_ON() checks in the PageHuge() testing path.
[willy@infradead.org: update vmcoreinfo]
[
{
"signature_type": "Line",
"deprecated": false,
"target": {
"file": "mm/hugetlb.c"
},
"digest": {
"line_hashes": [
"198152094242655609692343306363062184888",
"1016365939070314568335721798217034205",
"157255061302657885469976978861869626221",
"81034860245105612081365113470645835290",
"241490418141989655817140342306567126327",
"202159100492447513302188665392354242302",
"110157953097940557986472133969975539667",
"160248207401619660385310140770578992900",
"241112889432626775826654577345352266022",
"53793373137724009443086086619310667676",
"292020607475831478069242854768183616507",
"53542893560065945792583972710435754057",
"133737340290612167363206038861262249692",
"166542426841496586059505327835835665523",
"43979230317817041708447605051353097096",
"29903537555921881166127903674925898381",
"22042714944155273920365489591589302382",
"333848455835833314470126046747989782542",
"5472461676114724461830336977469580271",
"326880099752475756693312122228892773518",
"76413309683984236481019855455459305430",
"38830505791188045781864074524722940942",
"146001587933567774907017744802610952540",
"336279271509263700042399780281364697619"
],
"threshold": 0.9
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9fdcc5b6359dfdaa52a55033bf50e2cedd66eb32",
"signature_version": "v1",
"id": "CVE-2024-35993-02756789"
},
{
"signature_type": "Line",
"deprecated": false,
"target": {
"file": "kernel/crash_core.c"
},
"digest": {
"line_hashes": [
"287220753701916462291727197015570275527",
"68116565558410324869772432201012568571",
"260585247488859395956608828534544331056",
"97799386336321340629574663128948278037",
"55512653589347672971002041620247929924",
"207200910866528875826876856087670754066",
"25545119534610911080456716619108397652"
],
"threshold": 0.9
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9fdcc5b6359dfdaa52a55033bf50e2cedd66eb32",
"signature_version": "v1",
"id": "CVE-2024-35993-28c799f5"
},
{
"signature_type": "Line",
"deprecated": false,
"target": {
"file": "mm/hugetlb.c"
},
"digest": {
"line_hashes": [
"198152094242655609692343306363062184888",
"1016365939070314568335721798217034205",
"157255061302657885469976978861869626221",
"81034860245105612081365113470645835290",
"241490418141989655817140342306567126327",
"202159100492447513302188665392354242302",
"110157953097940557986472133969975539667",
"160248207401619660385310140770578992900",
"200963314792002762235421067873386158232",
"264522677504936612629927846055727009259",
"175426282431546506149143038362615900096",
"206538042730687476699144280299062921482",
"133737340290612167363206038861262249692",
"166542426841496586059505327835835665523",
"43979230317817041708447605051353097096",
"29903537555921881166127903674925898381",
"22042714944155273920365489591589302382",
"333848455835833314470126046747989782542",
"5472461676114724461830336977469580271",
"326880099752475756693312122228892773518",
"76413309683984236481019855455459305430",
"38830505791188045781864074524722940942",
"146001587933567774907017744802610952540",
"336279271509263700042399780281364697619"
],
"threshold": 0.9
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2431b5f2650dfc47ce782d1ca7b02d6b3916976f",
"signature_version": "v1",
"id": "CVE-2024-35993-41bbb09e"
},
{
"signature_type": "Line",
"deprecated": false,
"target": {
"file": "kernel/crash_core.c"
},
"digest": {
"line_hashes": [
"287220753701916462291727197015570275527",
"68116565558410324869772432201012568571",
"260585247488859395956608828534544331056",
"97799386336321340629574663128948278037",
"55512653589347672971002041620247929924",
"207200910866528875826876856087670754066",
"25545119534610911080456716619108397652"
],
"threshold": 0.9
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2431b5f2650dfc47ce782d1ca7b02d6b3916976f",
"signature_version": "v1",
"id": "CVE-2024-35993-47f0a63e"
},
{
"signature_type": "Function",
"deprecated": false,
"target": {
"file": "kernel/crash_core.c",
"function": "crash_save_vmcoreinfo_init"
},
"digest": {
"length": 2931.0,
"function_hash": "193522175766070328264162605841827434477"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2431b5f2650dfc47ce782d1ca7b02d6b3916976f",
"signature_version": "v1",
"id": "CVE-2024-35993-4ab9b7a8"
},
{
"signature_type": "Function",
"deprecated": false,
"target": {
"file": "include/linux/page-flags.h",
"function": "folio_test_hugetlb"
},
"digest": {
"length": 130.0,
"function_hash": "321637068963705049565970143306033375592"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2431b5f2650dfc47ce782d1ca7b02d6b3916976f",
"signature_version": "v1",
"id": "CVE-2024-35993-5192c0a8"
},
{
"signature_type": "Function",
"deprecated": false,
"target": {
"file": "kernel/crash_core.c",
"function": "crash_save_vmcoreinfo_init"
},
"digest": {
"length": 2931.0,
"function_hash": "193522175766070328264162605841827434477"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9fdcc5b6359dfdaa52a55033bf50e2cedd66eb32",
"signature_version": "v1",
"id": "CVE-2024-35993-68c66981"
},
{
"signature_type": "Line",
"deprecated": false,
"target": {
"file": "include/trace/events/mmflags.h"
},
"digest": {
"line_hashes": [
"39509585056470899704060985766414251835",
"71223161206884894872019525126545902269",
"132921995075161398596011583011556143977"
],
"threshold": 0.9
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9fdcc5b6359dfdaa52a55033bf50e2cedd66eb32",
"signature_version": "v1",
"id": "CVE-2024-35993-6b5e59fd"
},
{
"signature_type": "Function",
"deprecated": false,
"target": {
"file": "mm/hugetlb.c",
"function": "PageHuge"
},
"digest": {
"length": 142.0,
"function_hash": "122174880119774682930735204882144964679"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9fdcc5b6359dfdaa52a55033bf50e2cedd66eb32",
"signature_version": "v1",
"id": "CVE-2024-35993-6dc4422e"
},
{
"signature_type": "Function",
"deprecated": false,
"target": {
"file": "mm/hugetlb.c",
"function": "PageHuge"
},
"digest": {
"length": 142.0,
"function_hash": "122174880119774682930735204882144964679"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2431b5f2650dfc47ce782d1ca7b02d6b3916976f",
"signature_version": "v1",
"id": "CVE-2024-35993-7b1c2ec7"
},
{
"signature_type": "Function",
"deprecated": false,
"target": {
"file": "include/linux/page-flags.h",
"function": "folio_test_hugetlb"
},
"digest": {
"length": 130.0,
"function_hash": "321637068963705049565970143306033375592"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9fdcc5b6359dfdaa52a55033bf50e2cedd66eb32",
"signature_version": "v1",
"id": "CVE-2024-35993-8cca3769"
},
{
"signature_type": "Line",
"deprecated": false,
"target": {
"file": "include/trace/events/mmflags.h"
},
"digest": {
"line_hashes": [
"39509585056470899704060985766414251835",
"71223161206884894872019525126545902269",
"132921995075161398596011583011556143977"
],
"threshold": 0.9
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2431b5f2650dfc47ce782d1ca7b02d6b3916976f",
"signature_version": "v1",
"id": "CVE-2024-35993-ad9a29a1"
},
{
"signature_type": "Line",
"deprecated": false,
"target": {
"file": "include/linux/page-flags.h"
},
"digest": {
"line_hashes": [
"88023950982972182345295629620774950953",
"277765420417022935288592476060771143336",
"38873121802634695852883556975274970624",
"45038393753912447699107579127970887324",
"226070687524221098941102598320527097443",
"175554045705958456422688607836768492906",
"51418830987536478233528866129473776049",
"188917942441790500333859373370750317071",
"150573100075844427260640617473914170519",
"79268168194584483250455370196501331629",
"154126293062855414228354787478294837201",
"182922034730338700170433314648074556808",
"314919365237726209553611236264101439624",
"254493074910150081667072143249382929572",
"261351679644622265721670215692164891118",
"260681368404626593092250872051401742113",
"147314920406665612081758455073405858148",
"279361041369391010515741686912587608586",
"213229869640999920025374917090213465593",
"24809659353736290991850978937666209879",
"211560909608702857942463785198138177603",
"17077526506491293128415596514405218496",
"22470828883206800413824323890367317535",
"309309871959771028658810107473291830179",
"192666826586207118344939807855558661097",
"213995070246116597883232703754931989696",
"79868892710456598882316168951908183420",
"95620422926574258895706159016384216684",
"227515435717122453380200179695324421218",
"208900225719371050046469134583146368554",
"164004149720942863692714084618296276483",
"306372828220535077940447211457268922273",
"39277822142367919319426578450386084370",
"23552217135348593335829630660999897599",
"246968356048414783849301047719957347112"
],
"threshold": 0.9
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9fdcc5b6359dfdaa52a55033bf50e2cedd66eb32",
"signature_version": "v1",
"id": "CVE-2024-35993-cc050c7f"
},
{
"signature_type": "Line",
"deprecated": false,
"target": {
"file": "include/linux/page-flags.h"
},
"digest": {
"line_hashes": [
"88023950982972182345295629620774950953",
"277765420417022935288592476060771143336",
"38873121802634695852883556975274970624",
"45038393753912447699107579127970887324",
"226070687524221098941102598320527097443",
"175554045705958456422688607836768492906",
"51418830987536478233528866129473776049",
"188917942441790500333859373370750317071",
"150573100075844427260640617473914170519",
"79268168194584483250455370196501331629",
"154126293062855414228354787478294837201",
"182922034730338700170433314648074556808",
"314919365237726209553611236264101439624",
"254493074910150081667072143249382929572",
"261351679644622265721670215692164891118",
"260681368404626593092250872051401742113",
"147314920406665612081758455073405858148",
"279361041369391010515741686912587608586",
"213229869640999920025374917090213465593",
"24809659353736290991850978937666209879",
"211560909608702857942463785198138177603",
"17077526506491293128415596514405218496",
"22470828883206800413824323890367317535",
"309309871959771028658810107473291830179",
"192666826586207118344939807855558661097",
"213995070246116597883232703754931989696",
"79868892710456598882316168951908183420",
"95620422926574258895706159016384216684",
"227515435717122453380200179695324421218",
"208900225719371050046469134583146368554",
"164004149720942863692714084618296276483",
"306372828220535077940447211457268922273",
"39277822142367919319426578450386084370",
"23552217135348593335829630660999897599",
"246968356048414783849301047719957347112"
],
"threshold": 0.9
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2431b5f2650dfc47ce782d1ca7b02d6b3916976f",
"signature_version": "v1",
"id": "CVE-2024-35993-ef8b96e1"
}
]