In the Linux kernel, the following vulnerability has been resolved:
mm: use aligned address in copy_user_gigantic_page()
In the current kernel, hugetlb_wp() calls copy_user_large_folio() with the fault address, which may not be aligned to the huge page size. copy_user_large_folio() may then call copy_user_gigantic_page() with that address, while copy_user_gigantic_page() requires the address to be huge-page-size aligned. This may cause memory corruption or an information leak. Additionally, the fix uses the more obvious name 'addr_hint' instead of 'addr' for copy_user_gigantic_page().
[
{
"signature_type": "Function",
"deprecated": false,
"digest": {
"length": 3111.0,
"function_hash": "257578240258103201236501259375373454353"
},
"target": {
"file": "mm/hugetlb.c",
"function": "copy_hugetlb_page_range"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f5d09de9f1bf9674c6418ff10d0a40cfe29268e1",
"signature_version": "v1",
"id": "CVE-2024-51729-10e2fec7"
},
{
"signature_type": "Function",
"deprecated": false,
"digest": {
"length": 381.0,
"function_hash": "219622312883964625739944263989826174224"
},
"target": {
"file": "mm/memory.c",
"function": "copy_user_gigantic_page"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cb12d61361ce769672c7c7bd32107252598cdd8b",
"signature_version": "v1",
"id": "CVE-2024-51729-1fdc103d"
},
{
"signature_type": "Line",
"deprecated": false,
"digest": {
"line_hashes": [
"83679953334219483507799635941281528211",
"208464280934207313769277658501384315906",
"58284643162200363808633731683919883654",
"74989927245755172260112191310551078241",
"297658651313018409533848885884556142835",
"185404706289443922055107993292959250048",
"155724701227181052767858535595075938429",
"247976563095430084460023572195738619273",
"74124744549820624690527557966557615648",
"199547484172964230560207197488470291326"
],
"threshold": 0.9
},
"target": {
"file": "mm/memory.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cb12d61361ce769672c7c7bd32107252598cdd8b",
"signature_version": "v1",
"id": "CVE-2024-51729-530626f0"
},
{
"signature_type": "Line",
"deprecated": false,
"digest": {
"line_hashes": [
"98553042916600543507046676601504669488",
"332727681123613132286279903940403607555",
"322220930021746574989570392507652693841",
"172490942387932382779344034080412505666",
"266044026938932895004344592633009013098",
"243677527619418030692451726560469408414",
"103158770378924836954964023236939000990",
"298603953315062460132495653491125753869",
"94457432853912863109429806588567187084"
],
"threshold": 0.9
},
"target": {
"file": "mm/hugetlb.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f5d09de9f1bf9674c6418ff10d0a40cfe29268e1",
"signature_version": "v1",
"id": "CVE-2024-51729-54daabc3"
},
{
"signature_type": "Line",
"deprecated": false,
"digest": {
"line_hashes": [
"98553042916600543507046676601504669488",
"332727681123613132286279903940403607555",
"322220930021746574989570392507652693841",
"172490942387932382779344034080412505666",
"266044026938932895004344592633009013098",
"243677527619418030692451726560469408414",
"103158770378924836954964023236939000990",
"298603953315062460132495653491125753869",
"94457432853912863109429806588567187084"
],
"threshold": 0.9
},
"target": {
"file": "mm/hugetlb.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cb12d61361ce769672c7c7bd32107252598cdd8b",
"signature_version": "v1",
"id": "CVE-2024-51729-8381428f"
},
{
"signature_type": "Function",
"deprecated": false,
"digest": {
"length": 3125.0,
"function_hash": "119192817964472723264437011485406307449"
},
"target": {
"file": "mm/hugetlb.c",
"function": "hugetlb_mfill_atomic_pte"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f5d09de9f1bf9674c6418ff10d0a40cfe29268e1",
"signature_version": "v1",
"id": "CVE-2024-51729-92c74102"
},
{
"signature_type": "Function",
"deprecated": false,
"digest": {
"length": 3111.0,
"function_hash": "257578240258103201236501259375373454353"
},
"target": {
"file": "mm/hugetlb.c",
"function": "copy_hugetlb_page_range"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cb12d61361ce769672c7c7bd32107252598cdd8b",
"signature_version": "v1",
"id": "CVE-2024-51729-ae1a15d9"
},
{
"signature_type": "Function",
"deprecated": false,
"digest": {
"length": 381.0,
"function_hash": "219622312883964625739944263989826174224"
},
"target": {
"file": "mm/memory.c",
"function": "copy_user_gigantic_page"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f5d09de9f1bf9674c6418ff10d0a40cfe29268e1",
"signature_version": "v1",
"id": "CVE-2024-51729-ce8d4c38"
},
{
"signature_type": "Function",
"deprecated": false,
"digest": {
"length": 3125.0,
"function_hash": "119192817964472723264437011485406307449"
},
"target": {
"file": "mm/hugetlb.c",
"function": "hugetlb_mfill_atomic_pte"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cb12d61361ce769672c7c7bd32107252598cdd8b",
"signature_version": "v1",
"id": "CVE-2024-51729-d59c7bc2"
},
{
"signature_type": "Line",
"deprecated": false,
"digest": {
"line_hashes": [
"83679953334219483507799635941281528211",
"208464280934207313769277658501384315906",
"58284643162200363808633731683919883654",
"74989927245755172260112191310551078241",
"297658651313018409533848885884556142835",
"185404706289443922055107993292959250048",
"155724701227181052767858535595075938429",
"247976563095430084460023572195738619273",
"74124744549820624690527557966557615648",
"199547484172964230560207197488470291326"
],
"threshold": 0.9
},
"target": {
"file": "mm/memory.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f5d09de9f1bf9674c6418ff10d0a40cfe29268e1",
"signature_version": "v1",
"id": "CVE-2024-51729-fd28ecb4"
}
]