In the Linux kernel, the following vulnerability has been resolved:
mm/gup: handle NULL pages in unpin_user_pages()
The recent addition of "pofs" (pages or folios) handling to gup has a flaw: it assumes that unpin_user_pages() handles NULL pages in the pages** array. That's not the case, as I discovered when I ran on a new configuration on my test machine.
Fix this by skipping NULL pages in unpin_user_pages(), just like unpin_folios() already does.
Details: when booting on x86 with "numa=fake=2 movablecore=4G" on Linux 6.12, and running this:
tools/testing/selftests/mm/gup_longterm
...I get the following crash:
BUG: kernel NULL pointer dereference, address: 0000000000000008
RIP: 0010:sanity_check_pinned_pages+0x3a/0x2d0
...
Call Trace:
<TASK>
? __die_body+0x66/0xb0
? page_fault_oops+0x30c/0x3b0
? do_user_addr_fault+0x6c3/0x720
? irqentry_enter+0x34/0x60
? exc_page_fault+0x68/0x100
? asm_exc_page_fault+0x22/0x30
? sanity_check_pinned_pages+0x3a/0x2d0
unpin_user_pages+0x24/0xe0
check_and_migrate_movable_pages_or_folios+0x455/0x4b0
__gup_longterm_locked+0x3bf/0x820
? mmap_read_lock_killable+0x12/0x50
? __pfx_mmap_read_lock_killable+0x10/0x10
pin_user_pages+0x66/0xa0
gup_test_ioctl+0x358/0xb20
__se_sys_ioctl+0x6b/0xc0
do_syscall_64+0x7b/0x150
entry_SYSCALL_64_after_hwframe+0x76/0x7e
[
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 449.0,
"function_hash": "317346721836483635773016699052185926049"
},
"id": "CVE-2024-56612-2ee731b5",
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a1268be280d8e484ab3606d7476edd0f14bb9961",
"target": {
"file": "mm/gup.c",
"function": "sanity_check_pinned_pages"
}
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"71563693355721891421700365534217447495",
"215667148240603847773757730411714466127",
"268917194568188712548726035255134631275",
"36284741913612771141275737325225680343",
"231354190788454909968821300667250647326",
"39457441928290310901903583681038638779",
"93153017469190955480193009156651889280",
"144245318715095417750216620655022540791"
]
},
"id": "CVE-2024-56612-48295e14",
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@69d319450d1c651f3b05cd820ff285fdd810c032",
"target": {
"file": "mm/gup.c"
}
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 326.0,
"function_hash": "210506818998194067000832318695680334273"
},
"id": "CVE-2024-56612-5a3489ae",
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@69d319450d1c651f3b05cd820ff285fdd810c032",
"target": {
"file": "mm/gup.c",
"function": "unpin_user_pages"
}
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 326.0,
"function_hash": "210506818998194067000832318695680334273"
},
"id": "CVE-2024-56612-ad79dbd4",
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a1268be280d8e484ab3606d7476edd0f14bb9961",
"target": {
"file": "mm/gup.c",
"function": "unpin_user_pages"
}
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"71563693355721891421700365534217447495",
"215667148240603847773757730411714466127",
"268917194568188712548726035255134631275",
"36284741913612771141275737325225680343",
"231354190788454909968821300667250647326",
"39457441928290310901903583681038638779",
"93153017469190955480193009156651889280",
"144245318715095417750216620655022540791"
]
},
"id": "CVE-2024-56612-cae4195a",
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a1268be280d8e484ab3606d7476edd0f14bb9961",
"target": {
"file": "mm/gup.c"
}
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 449.0,
"function_hash": "317346721836483635773016699052185926049"
},
"id": "CVE-2024-56612-d951b5e9",
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@69d319450d1c651f3b05cd820ff285fdd810c032",
"target": {
"file": "mm/gup.c",
"function": "sanity_check_pinned_pages"
}
}
]