In the Linux kernel, the following vulnerability has been resolved:
mm/gup: fix memfd_pin_folios alloc race panic

If memfd_pin_folios tries to create a hugetlb page, but someone else already did, then folio gets the value -EEXIST here:

        folio = memfd_alloc_folio(memfd, start_idx);
        if (IS_ERR(folio)) {
                ret = PTR_ERR(folio);
                if (ret != -EEXIST)
                        goto err;

then on the next trip through the "while start_idx" loop we panic here:

        if (folio) {
                folio_put(folio);

To fix, set the folio to NULL on error.
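A userspace model of the loop described above, added here as an illustration and not taken from the kernel source or the fix commit. It shows why `if (folio)` does not filter out an error pointer and how clearing the variable avoids the bad put. The `model_*` functions, `run_loop`, `winner` and the one-field `struct folio` are hypothetical stand-ins, and the two-trip race is a constructed scenario.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

/* Userspace stand-ins for the kernel's error-pointer helpers. */
#define MAX_ERRNO 4095
static void *ERR_PTR(long err) { return (void *)err; }
static long PTR_ERR(const void *p) { return (long)p; }
static int IS_ERR(const void *p) { return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO; }

struct folio { int refcount; };      /* hypothetical stand-in, not the kernel struct */
static struct folio winner = { 1 };  /* folio the racing task already created */
static int bad_puts;                 /* folio_put() calls made on an error pointer */

/* Model of folio_put(): the kernel would dereference f; this only counts the event. */
static void model_folio_put(struct folio *f)
{
    if (IS_ERR(f))
        bad_puts++;
    else
        f->refcount--;
}

/* Constructed scenario: the first trip loses the race and gets -EEXIST. */
static struct folio *model_alloc_folio(int trip)
{
    return trip == 0 ? ERR_PTR(-EEXIST) : &winner;
}

/* Two trips through the loop; returns the number of puts on an error pointer. */
int run_loop(int apply_fix)
{
    struct folio *folio = NULL;
    bad_puts = 0;
    for (int trip = 0; trip < 2; trip++) {
        if (folio) {                 /* ERR_PTR(-EEXIST) is non-NULL, so this is taken */
            model_folio_put(folio);
            folio = NULL;
        }
        folio = model_alloc_folio(trip);
        if (IS_ERR(folio)) {
            if (PTR_ERR(folio) != -EEXIST)
                return -1;
            if (apply_fix)
                folio = NULL;        /* the fix: do not carry the error value over */
        }
    }
    return bad_puts;
}
```

`run_loop(0)` models the code before the fix and `run_loop(1)` the code after it.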
[
{
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "memfd_pin_folios",
"file": "mm/gup.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e28f39b359c0cfdcc011603e51187085a5f1e5e3",
"digest": {
"function_hash": "160405053835152729222400439494103541297",
"length": 1704.0
},
"signature_type": "Function",
"id": "CVE-2024-49872-490e3e4b"
},
{
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "memfd_pin_folios",
"file": "mm/gup.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ce645b9fdc78ec5d28067286e92871ddae6817d5",
"digest": {
"function_hash": "160405053835152729222400439494103541297",
"length": 1704.0
},
"signature_type": "Function",
"id": "CVE-2024-49872-b5aa5748"
},
{
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "mm/gup.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e28f39b359c0cfdcc011603e51187085a5f1e5e3",
"digest": {
"line_hashes": [
"146933450404069553510915343750206246407",
"31427901901398074050896372576821255126",
"263736259158063109849109438428756036407",
"81349835723810761116707704602341327634"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "CVE-2024-49872-ed557964"
},
{
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "mm/gup.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ce645b9fdc78ec5d28067286e92871ddae6817d5",
"digest": {
"line_hashes": [
"146933450404069553510915343750206246407",
"31427901901398074050896372576821255126",
"263736259158063109849109438428756036407",
"81349835723810761116707704602341327634"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "CVE-2024-49872-f0fb3403"
}
]