CVE-2024-38543

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-38543
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-38543.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-38543
Downstream
Related
Published
2024-06-19T13:35:17.994Z
Modified
2025-11-20T04:54:53.832056Z
Summary
lib/test_hmm.c: handle src_pfns and dst_pfns allocation failure
Details

In the Linux kernel, the following vulnerability has been resolved:

lib/testhmm.c: handle srcpfns and dst_pfns allocation failure

The kcalloc() in dmirrordeviceevictchunk() will return null if the physical memory has run out. As a result, if srcpfns or dst_pfns is dereferenced, the null pointer dereference bug will happen.

Moreover, the device is going away. If the kcalloc() fails, the pages mapping a chunk could not be evicted. So add a _GFPNOFAIL flag in kcalloc().

Finally, as there is no need to have physically contiguous memory, Switch kcalloc() to kvcalloc() in order to avoid failing allocations.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
b2ef9f5a5cb37643ca5def3516c546457074b882
Fixed
1a21fdeea502658e315bd939409b755974f4fb64
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
b2ef9f5a5cb37643ca5def3516c546457074b882
Fixed
65e528a69cb3ed4a286c45b4afba57461c8b5b33
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
b2ef9f5a5cb37643ca5def3516c546457074b882
Fixed
ce47e8ead9a72834cc68431d53f8092ce69bebb7
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
b2ef9f5a5cb37643ca5def3516c546457074b882
Fixed
3b20d18f475bd17309db640dbe7d7c7ebb5bc2bc
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
b2ef9f5a5cb37643ca5def3516c546457074b882
Fixed
c2af060d1c18beaec56351cf9c9bcbbc5af341a3

Affected versions

v5.*

v5.10
v5.10-rc1
v5.10-rc2
v5.10-rc3
v5.10-rc4
v5.10-rc5
v5.10-rc6
v5.10-rc7
v5.11
v5.11-rc1
v5.11-rc2
v5.11-rc3
v5.11-rc4
v5.11-rc5
v5.11-rc6
v5.11-rc7
v5.12
v5.12-rc1
v5.12-rc1-dontuse
v5.12-rc2
v5.12-rc3
v5.12-rc4
v5.12-rc5
v5.12-rc6
v5.12-rc7
v5.12-rc8
v5.13
v5.13-rc1
v5.13-rc2
v5.13-rc3
v5.13-rc4
v5.13-rc5
v5.13-rc6
v5.13-rc7
v5.14
v5.14-rc1
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v5.7
v5.7-rc5
v5.7-rc6
v5.7-rc7
v5.8
v5.8-rc1
v5.8-rc2
v5.8-rc3
v5.8-rc4
v5.8-rc5
v5.8-rc6
v5.8-rc7
v5.9
v5.9-rc1
v5.9-rc2
v5.9-rc3
v5.9-rc4
v5.9-rc5
v5.9-rc6
v5.9-rc7
v5.9-rc8

v6.*

v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.1.1
v6.1.10
v6.1.11
v6.1.12
v6.1.13
v6.1.14
v6.1.15
v6.1.16
v6.1.17
v6.1.18
v6.1.19
v6.1.2
v6.1.20
v6.1.21
v6.1.22
v6.1.23
v6.1.24
v6.1.25
v6.1.26
v6.1.27
v6.1.28
v6.1.29
v6.1.3
v6.1.30
v6.1.31
v6.1.32
v6.1.33
v6.1.34
v6.1.35
v6.1.36
v6.1.37
v6.1.38
v6.1.39
v6.1.4
v6.1.40
v6.1.41
v6.1.42
v6.1.43
v6.1.44
v6.1.45
v6.1.46
v6.1.47
v6.1.48
v6.1.49
v6.1.5
v6.1.50
v6.1.51
v6.1.52
v6.1.53
v6.1.54
v6.1.55
v6.1.56
v6.1.57
v6.1.58
v6.1.59
v6.1.6
v6.1.60
v6.1.61
v6.1.62
v6.1.63
v6.1.64
v6.1.65
v6.1.66
v6.1.67
v6.1.68
v6.1.69
v6.1.7
v6.1.70
v6.1.71
v6.1.72
v6.1.73
v6.1.74
v6.1.75
v6.1.76
v6.1.77
v6.1.78
v6.1.79
v6.1.8
v6.1.80
v6.1.81
v6.1.82
v6.1.83
v6.1.84
v6.1.85
v6.1.86
v6.1.87
v6.1.88
v6.1.89
v6.1.9
v6.1.90
v6.1.91
v6.1.92
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.26
v6.6.27
v6.6.28
v6.6.29
v6.6.3
v6.6.30
v6.6.31
v6.6.32
v6.6.4
v6.6.5
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.8.1
v6.8.10
v6.8.11
v6.8.2
v6.8.3
v6.8.4
v6.8.5
v6.8.6
v6.8.7
v6.8.8
v6.8.9
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7
v6.9.1
v6.9.2

Database specific

vanir_signatures

[
    {
        "signature_type": "Function",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "length": 1011.0,
            "function_hash": "113408752020212335672926792250620552281"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ce47e8ead9a72834cc68431d53f8092ce69bebb7",
        "target": {
            "file": "lib/test_hmm.c",
            "function": "dmirror_device_evict_chunk"
        },
        "id": "CVE-2024-38543-20a60a9b"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "length": 1011.0,
            "function_hash": "113408752020212335672926792250620552281"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1a21fdeea502658e315bd939409b755974f4fb64",
        "target": {
            "file": "lib/test_hmm.c",
            "function": "dmirror_device_evict_chunk"
        },
        "id": "CVE-2024-38543-3cd347e7"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "length": 1011.0,
            "function_hash": "113408752020212335672926792250620552281"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c2af060d1c18beaec56351cf9c9bcbbc5af341a3",
        "target": {
            "file": "lib/test_hmm.c",
            "function": "dmirror_device_evict_chunk"
        },
        "id": "CVE-2024-38543-555e1591"
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "54297623313599677980196844191015403944",
                "329470228294569701934738161508840784365",
                "255084185976078464956865529428990617698",
                "37424157980265462019395293169050803371",
                "185667054452716887954108822360791614705",
                "262831297862056047516442558932529891282",
                "189540069312518251608825112009496940938",
                "205457116770054350401044999159621241345",
                "165928567168890685620284087028484314351",
                "188659076264862217100662858733014438324"
            ],
            "threshold": 0.9
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ce47e8ead9a72834cc68431d53f8092ce69bebb7",
        "target": {
            "file": "lib/test_hmm.c"
        },
        "id": "CVE-2024-38543-95db7846"
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "54297623313599677980196844191015403944",
                "329470228294569701934738161508840784365",
                "255084185976078464956865529428990617698",
                "37424157980265462019395293169050803371",
                "185667054452716887954108822360791614705",
                "262831297862056047516442558932529891282",
                "189540069312518251608825112009496940938",
                "205457116770054350401044999159621241345",
                "165928567168890685620284087028484314351",
                "188659076264862217100662858733014438324"
            ],
            "threshold": 0.9
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c2af060d1c18beaec56351cf9c9bcbbc5af341a3",
        "target": {
            "file": "lib/test_hmm.c"
        },
        "id": "CVE-2024-38543-9c8d2d7e"
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "54297623313599677980196844191015403944",
                "329470228294569701934738161508840784365",
                "255084185976078464956865529428990617698",
                "37424157980265462019395293169050803371",
                "185667054452716887954108822360791614705",
                "262831297862056047516442558932529891282",
                "189540069312518251608825112009496940938",
                "205457116770054350401044999159621241345",
                "165928567168890685620284087028484314351",
                "188659076264862217100662858733014438324"
            ],
            "threshold": 0.9
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1a21fdeea502658e315bd939409b755974f4fb64",
        "target": {
            "file": "lib/test_hmm.c"
        },
        "id": "CVE-2024-38543-b78b8822"
    }
]

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.8.0
Fixed
6.1.93
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.33
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.8.12
Type
ECOSYSTEM
Events
Introduced
6.9.0
Fixed
6.9.3