CVE-2024-40948
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-40948
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-40948.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-40948
- Downstream
- Related
- Published
- 2024-07-12T12:31:53Z
- Modified
- 2025-10-15T12:37:08.944171Z
- Summary
- mm/page_table_check: fix crash on ZONE_DEVICE
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
mm/pagetablecheck: fix crash on ZONE_DEVICE
Not all pages may apply to pgtable check. One example is ZONEDEVICE pages: they map PFNs directly, and they don't allocate pageext at all even if there's struct page around. One may reference devmmemremappages().
When both ZONE_DEVICE and page-table-check enabled, then try to map some dax memories, one can trigger kernel bug constantly now when the kernel was trying to inject some pfn maps on the dax device:
kernel BUG at mm/pagetablecheck.c:55!
While it's pretty legal to use setpxxat() for ZONEDEVICE pages for page fault resolutions, skip all the checks if pageext doesn't even exist in pgtable checker, which applies to ZONE_DEVICE but maybe more.
- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/51897f99351fff7b57f4f141940fa93b4e90fd2b
- https://git.kernel.org/stable/c/84d3549d54f5ff9fa3281257be3019386f51d1a0
- https://git.kernel.org/stable/c/8bb592c2eca8fd2bc06db7d80b38da18da4a2f43
- https://git.kernel.org/stable/c/dec2382247860d2134c8d41e103e26460c099629
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduceddf4e817b710809425d899340dbfa8504a3ca4ba5Fixed51897f99351fff7b57f4f141940fa93b4e90fd2b
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduceddf4e817b710809425d899340dbfa8504a3ca4ba5Fixed84d3549d54f5ff9fa3281257be3019386f51d1a0
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduceddf4e817b710809425d899340dbfa8504a3ca4ba5Fixeddec2382247860d2134c8d41e103e26460c099629
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduceddf4e817b710809425d899340dbfa8504a3ca4ba5Fixed8bb592c2eca8fd2bc06db7d80b38da18da4a2f43
Affected versions
v5.*
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v6.*
v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.1.1
v6.1.10
v6.1.11
v6.1.12
v6.1.13
v6.1.14
v6.1.15
v6.1.16
v6.1.17
v6.1.18
v6.1.19
v6.1.2
v6.1.20
v6.1.21
v6.1.22
v6.1.23
v6.1.24
v6.1.25
v6.1.26
v6.1.27
v6.1.28
v6.1.29
v6.1.3
v6.1.30
v6.1.31
v6.1.32
v6.1.33
v6.1.34
v6.1.35
v6.1.36
v6.1.37
v6.1.38
v6.1.39
v6.1.4
v6.1.40
v6.1.41
v6.1.42
v6.1.43
v6.1.44
v6.1.45
v6.1.46
v6.1.47
v6.1.48
v6.1.49
v6.1.5
v6.1.50
v6.1.51
v6.1.52
v6.1.53
v6.1.54
v6.1.55
v6.1.56
v6.1.57
v6.1.58
v6.1.59
v6.1.6
v6.1.60
v6.1.61
v6.1.62
v6.1.63
v6.1.64
v6.1.65
v6.1.66
v6.1.67
v6.1.68
v6.1.69
v6.1.7
v6.1.70
v6.1.71
v6.1.72
v6.1.73
v6.1.74
v6.1.75
v6.1.76
v6.1.77
v6.1.78
v6.1.79
v6.1.8
v6.1.80
v6.1.81
v6.1.82
v6.1.83
v6.1.84
v6.1.85
v6.1.86
v6.1.87
v6.1.88
v6.1.89
v6.1.9
v6.1.90
v6.1.91
v6.1.92
v6.1.93
v6.1.94
v6.1.95
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.26
v6.6.27
v6.6.28
v6.6.29
v6.6.3
v6.6.30
v6.6.31
v6.6.32
v6.6.33
v6.6.34
v6.6.35
v6.6.4
v6.6.5
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7
v6.9.1
v6.9.2
v6.9.3
v6.9.4
v6.9.5
v6.9.6
Database specific
vanir_signatures
[
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@51897f99351fff7b57f4f141940fa93b4e90fd2b",
"signature_version": "v1",
"target": {
"file": "mm/page_table_check.c",
"function": "__page_table_check_zero"
},
"digest": {
"length": 411.0,
"function_hash": "57975450479636233858107052533141117366"
},
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2024-40948-1cadf0e9"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@51897f99351fff7b57f4f141940fa93b4e90fd2b",
"signature_version": "v1",
"target": {
"file": "mm/page_table_check.c",
"function": "page_table_check_clear"
},
"digest": {
"length": 679.0,
"function_hash": "116431888026416004856452063283689429820"
},
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2024-40948-2520d9d8"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8bb592c2eca8fd2bc06db7d80b38da18da4a2f43",
"signature_version": "v1",
"target": {
"file": "mm/page_table_check.c",
"function": "page_table_check_clear"
},
"digest": {
"length": 640.0,
"function_hash": "328872397632914227784261365857946632916"
},
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2024-40948-3fae4660"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@dec2382247860d2134c8d41e103e26460c099629",
"signature_version": "v1",
"target": {
"file": "mm/page_table_check.c",
"function": "page_table_check_clear"
},
"digest": {
"length": 640.0,
"function_hash": "328872397632914227784261365857946632916"
},
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2024-40948-42c1b606"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@84d3549d54f5ff9fa3281257be3019386f51d1a0",
"signature_version": "v1",
"target": {
"file": "mm/page_table_check.c"
},
"digest": {
"line_hashes": [
"289822533049936630350572325446666365806",
"35450541036070278372240010388109066161",
"333677178089496264047949571748094148539",
"289822533049936630350572325446666365806",
"35450541036070278372240010388109066161",
"333677178089496264047949571748094148539",
"214228881328809078460341517953448875571",
"304269116635783601106187507608897625089",
"329465570712061699458767100710817938632",
"215698086814727808135341511070522852746"
],
"threshold": 0.9
},
"deprecated": false,
"signature_type": "Line",
"id": "CVE-2024-40948-46aaf2e4"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@dec2382247860d2134c8d41e103e26460c099629",
"signature_version": "v1",
"target": {
"file": "mm/page_table_check.c",
"function": "page_table_check_set"
},
"digest": {
"length": 663.0,
"function_hash": "72832267679090789440120803148219365448"
},
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2024-40948-57cf4294"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@dec2382247860d2134c8d41e103e26460c099629",
"signature_version": "v1",
"target": {
"file": "mm/page_table_check.c"
},
"digest": {
"line_hashes": [
"289822533049936630350572325446666365806",
"35450541036070278372240010388109066161",
"333677178089496264047949571748094148539",
"289822533049936630350572325446666365806",
"35450541036070278372240010388109066161",
"333677178089496264047949571748094148539",
"214228881328809078460341517953448875571",
"304269116635783601106187507608897625089",
"329465570712061699458767100710817938632",
"215698086814727808135341511070522852746"
],
"threshold": 0.9
},
"deprecated": false,
"signature_type": "Line",
"id": "CVE-2024-40948-96f86766"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@dec2382247860d2134c8d41e103e26460c099629",
"signature_version": "v1",
"target": {
"file": "mm/page_table_check.c",
"function": "__page_table_check_zero"
},
"digest": {
"length": 411.0,
"function_hash": "57975450479636233858107052533141117366"
},
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2024-40948-a186fd58"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@84d3549d54f5ff9fa3281257be3019386f51d1a0",
"signature_version": "v1",
"target": {
"file": "mm/page_table_check.c",
"function": "page_table_check_set"
},
"digest": {
"length": 663.0,
"function_hash": "72832267679090789440120803148219365448"
},
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2024-40948-a47b15e8"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8bb592c2eca8fd2bc06db7d80b38da18da4a2f43",
"signature_version": "v1",
"target": {
"file": "mm/page_table_check.c",
"function": "page_table_check_set"
},
"digest": {
"length": 663.0,
"function_hash": "72832267679090789440120803148219365448"
},
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2024-40948-adf6ac40"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8bb592c2eca8fd2bc06db7d80b38da18da4a2f43",
"signature_version": "v1",
"target": {
"file": "mm/page_table_check.c"
},
"digest": {
"line_hashes": [
"289822533049936630350572325446666365806",
"35450541036070278372240010388109066161",
"333677178089496264047949571748094148539",
"289822533049936630350572325446666365806",
"35450541036070278372240010388109066161",
"333677178089496264047949571748094148539",
"214228881328809078460341517953448875571",
"304269116635783601106187507608897625089",
"329465570712061699458767100710817938632",
"215698086814727808135341511070522852746"
],
"threshold": 0.9
},
"deprecated": false,
"signature_type": "Line",
"id": "CVE-2024-40948-b090fe62"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@84d3549d54f5ff9fa3281257be3019386f51d1a0",
"signature_version": "v1",
"target": {
"file": "mm/page_table_check.c",
"function": "page_table_check_clear"
},
"digest": {
"length": 640.0,
"function_hash": "328872397632914227784261365857946632916"
},
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2024-40948-ca2fe0b9"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@51897f99351fff7b57f4f141940fa93b4e90fd2b",
"signature_version": "v1",
"target": {
"file": "mm/page_table_check.c"
},
"digest": {
"line_hashes": [
"289822533049936630350572325446666365806",
"35450541036070278372240010388109066161",
"333677178089496264047949571748094148539",
"289822533049936630350572325446666365806",
"35450541036070278372240010388109066161",
"333677178089496264047949571748094148539",
"214228881328809078460341517953448875571",
"304269116635783601106187507608897625089",
"329465570712061699458767100710817938632",
"215698086814727808135341511070522852746"
],
"threshold": 0.9
},
"deprecated": false,
"signature_type": "Line",
"id": "CVE-2024-40948-ceea80cd"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@51897f99351fff7b57f4f141940fa93b4e90fd2b",
"signature_version": "v1",
"target": {
"file": "mm/page_table_check.c",
"function": "page_table_check_set"
},
"digest": {
"length": 702.0,
"function_hash": "237610029268892514530135184156640323505"
},
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2024-40948-d8023302"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@84d3549d54f5ff9fa3281257be3019386f51d1a0",
"signature_version": "v1",
"target": {
"file": "mm/page_table_check.c",
"function": "__page_table_check_zero"
},
"digest": {
"length": 411.0,
"function_hash": "57975450479636233858107052533141117366"
},
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2024-40948-dc77b127"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8bb592c2eca8fd2bc06db7d80b38da18da4a2f43",
"signature_version": "v1",
"target": {
"file": "mm/page_table_check.c",
"function": "__page_table_check_zero"
},
"digest": {
"length": 411.0,
"function_hash": "57975450479636233858107052533141117366"
},
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2024-40948-f28340c6"
}
]