CVE-2024-40917
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-40917
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-40917.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-40917
- Related
- Published
- 2024-07-12T13:15:14Z
- Modified
- 2024-09-18T03:26:30.315902Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
memblock: make memblocksetnode() also warn about use of MAX_NUMNODES
On an (old) x86 system with SRAT just covering space above 4Gb:
ACPI: SRAT: Node 0 PXM 0 [mem 0x100000000-0xfffffffff] hotplugthe commit referenced below leads to this NUMA configuration no longer being refused by a CONFIG_NUMA=y kernel (previously
NUMA: nodes only cover 6144MB of your 8185MB e820 RAM. Not used. No NUMA configuration found Faking a node at [mem 0x0000000000000000-0x000000027fffffff]was seen in the log directly after the message quoted above), because of memblockvalidatenumacoverage() checking for NUMANONODE (only). This in turn led to memblockallocrangenid()'s warning about MAXNUMNODES triggering, followed by a NULL deref in memmapinit() when trying to access node 64's (NODE_SHIFT=6) node data.
To compensate said change, make memblocksetnode() warn on and adjust a passed in value of MAX_NUMNODES, just like various other functions already do.
- References
Affected packages
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.9.7-1