NVD

CVE-2024-39477 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: do not call vma_add_reservation upon ENOMEM sysbot reported a splat [1] on __unmap_hugepage_range(). This is because vma_needs_reservation() can return -ENOMEM if allocate_file_region_entries() fails to allocate the file_region struct for the reservation. Check for that and do not call vma_add_reservation() if that is the case, otherwise region_abort() and region_del() will see that we do not have any file_regions. If we detect that vma_needs_reservation() returned -ENOMEM, we clear the hugetlb_restore_reserve flag as if this reservation was still consumed, so free_huge_folio() will not increment the resv count. [1] https://lore.kernel.org/linux-mm/0000000000004096100617c58d54@google.com/T/#ma5983bc1ab18a54910da83416b3f89f3c7ee43aa

Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.

CVSS 4.0 Severity and Vector Strings:

NIST: NVD

N/A

NVD assessment not yet provided.

CVSS 3.x Severity and Vector Strings:

NIST: NVD

Base Score: 5.5 MEDIUM

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0 Severity and Vector Strings:

National Institute of Standards and Technology

NIST: NVD

Base Score: N/A

NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink	Resource
https://git.kernel.org/stable/c/8daf9c702ee7f825f0de8600abff764acfedea13	Mailing List Patch
https://git.kernel.org/stable/c/aa998f9dcb34c28448f86e8f5490f20d5eb0eac7	Mailing List Patch

Weakness Enumeration

CWE-ID	CWE Name	Source
CWE-770	Allocation of Resources Without Limits or Throttling	NIST

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

2 change records found show changes

Initial Analysis by NIST 7/08/2024 1:11:05 PM

Action	Type	Old Value	New Value
Added	CPE Configuration		OR cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 6.9 up to (excluding) 6.9.5 cpe:2.3:o:linux:linux_kernel:6.10.0:rc1::::::* cpe:2.3:o:linux:linux_kernel:6.10.0:rc2::::::*
Added	CVSS V3.1		NIST AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Added	CWE		NIST CWE-770
Changed	Reference Type	https://git.kernel.org/stable/c/8daf9c702ee7f825f0de8600abff764acfedea13 No Types Assigned	https://git.kernel.org/stable/c/8daf9c702ee7f825f0de8600abff764acfedea13 Mailing List, Patch
Changed	Reference Type	https://git.kernel.org/stable/c/aa998f9dcb34c28448f86e8f5490f20d5eb0eac7 No Types Assigned	https://git.kernel.org/stable/c/aa998f9dcb34c28448f86e8f5490f20d5eb0eac7 Mailing List, Patch

Quick Info

CVE Dictionary Entry:
CVE-2024-39477
NVD Published Date:
07/05/2024
NVD Last Modified:
07/08/2024
Source:
kernel.org

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database

CVE-2024-39477 Detail

Description

Metrics

References to Advisories, Solutions, and Tools

Weakness Enumeration

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Change History

Initial Analysis by NIST 7/08/2024 1:11:05 PM

New CVE Received by NIST 7/05/2024 3:15:10 AM

Quick Info