CVE-2024-36891

Source
https://cve.org/CVERecord?id=CVE-2024-36891
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-36891.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-36891
Published
2024-05-30T15:28:57.939Z
Modified
2026-03-14T12:34:15.475285Z
Summary
maple_tree: fix mas_empty_area_rev() null pointer dereference
Details

In the Linux kernel, the following vulnerability has been resolved:

maple_tree: fix mas_empty_area_rev() null pointer dereference

Currently the code calls mas_start() followed by mas_data_end() if the maple state is MA_START, but mas_start() may return with the maple state node == NULL. This will lead to a null pointer dereference when checking information in the NULL node, which is done in mas_data_end().

Avoid setting the offset if there is no node by waiting until after the maple state is checked for an empty or single entry state.

A user could trigger the events to cause a kernel oops by unmapping all vmas to produce an empty maple tree, then mapping a vma that would cause the scenario described above.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/36xxx/CVE-2024-36891.json"
}

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
54a611b605901c7d5d05b6b8f5d04a6ceb0962aa
Fixed
883e5d542bbdddbddeba60250cb482baf3ae2415
Fixed
6c9c7c1e63b198a8b979ad963eb21410f10ccb00
Fixed
f3956791cf526540addd3295e4c1e0f0442486cc
Fixed
955a923d2809803980ff574270f81510112be9cf

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-36891.json"