U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. Vulnerabilities

CVE-2024-47674 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: mm: avoid leaving partial pfn mappings around in error case As Jann points out, PFN mappings are special, because unlike normal memory mappings, there is no lifetime information associated with the mapping - it is just a raw mapping of PFNs with no reference counting of a 'struct page'. That's all very much intentional, but it does mean that it's easy to mess up the cleanup in case of errors. Yes, a failed mmap() will always eventually clean up any partial mappings, but without any explicit lifetime in the page table mapping itself, it's very easy to do the error handling in the wrong order. In particular, it's easy to mistakenly free the physical backing store before the page tables are actually cleaned up and (temporarily) have stale dangling PTE entries. To make this situation less error-prone, just make sure that any partial pfn mapping is torn down early, before any other error handling.


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource
https://git.kernel.org/stable/c/3213fdcab961026203dd587a4533600c70b3336b
https://git.kernel.org/stable/c/35770ca6180caa24a2b258c99a87bd437a1ee10f
https://git.kernel.org/stable/c/5b2c8b34f6d76bfbd1dd4936eb8a0fbfb9af3959 Patch 
https://git.kernel.org/stable/c/65d0db500d7c07f0f76fc24a4d837791c4862cd2 Patch 
https://git.kernel.org/stable/c/79a61cc3fc0466ad2b7b89618a6157785f0293b3 Patch 
https://git.kernel.org/stable/c/954fd4c81f22c4b6ba65379a81fd252971bf4ef3 Patch 
https://git.kernel.org/stable/c/a95a24fcaee1b892e47d5e6dcc403f713874ee80 Patch 
https://project-zero.issues.chromium.org/issues/366053091

Weakness Enumeration

CWE-ID CWE Name Source
CWE-459 Incomplete Cleanup cwe source acceptance level NIST  

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

6 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2024-47674
NVD Published Date:
10/15/2024
NVD Last Modified:
11/17/2024
Source:
kernel.org