NVD

CVE-2024-39474 Detail

Modified After Enrichment

This CVE record has been updated after NVD enrichment efforts were completed. Enrichment data supplied by the NVD may require amendment due to these changes.

Description

In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: fix vmalloc which may return null if called with __GFP_NOFAIL commit a421ef303008 ("mm: allow !GFP_KERNEL allocations for kvmalloc") includes support for __GFP_NOFAIL, but it presents a conflict with commit dd544141b9eb ("vmalloc: back off when the current task is OOM-killed"). A possible scenario is as follows: process-a __vmalloc_node_range(GFP_KERNEL | __GFP_NOFAIL) __vmalloc_area_node() vm_area_alloc_pages() --> oom-killer send SIGKILL to process-a if (fatal_signal_pending(current)) break; --> return NULL; To fix this, do not check fatal_signal_pending() in vm_area_alloc_pages() if __GFP_NOFAIL set. This issue occurred during OPLUS KASAN TEST. Below is part of the log -> oom-killer sends signal to process [65731.222840] [ T1308] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/apps/uid_10198,task=gs.intelligence,pid=32454,uid=10198 [65731.259685] [T32454] Call trace: [65731.259698] [T32454] dump_backtrace+0xf4/0x118 [65731.259734] [T32454] show_stack+0x18/0x24 [65731.259756] [T32454] dump_stack_lvl+0x60/0x7c [65731.259781] [T32454] dump_stack+0x18/0x38 [65731.259800] [T32454] mrdump_common_die+0x250/0x39c [mrdump] [65731.259936] [T32454] ipanic_die+0x20/0x34 [mrdump] [65731.260019] [T32454] atomic_notifier_call_chain+0xb4/0xfc [65731.260047] [T32454] notify_die+0x114/0x198 [65731.260073] [T32454] die+0xf4/0x5b4 [65731.260098] [T32454] die_kernel_fault+0x80/0x98 [65731.260124] [T32454] __do_kernel_fault+0x160/0x2a8 [65731.260146] [T32454] do_bad_area+0x68/0x148 [65731.260174] [T32454] do_mem_abort+0x151c/0x1b34 [65731.260204] [T32454] el1_abort+0x3c/0x5c [65731.260227] [T32454] el1h_64_sync_handler+0x54/0x90 [65731.260248] [T32454] el1h_64_sync+0x68/0x6c [65731.260269] [T32454] z_erofs_decompress_queue+0x7f0/0x2258 --> be->decompressed_pages = kvcalloc(be->nr_pages, sizeof(struct page *), GFP_KERNEL | __GFP_NOFAIL); kernel panic by NULL pointer dereference. erofs assume kvmalloc with __GFP_NOFAIL never return NULL. [65731.260293] [T32454] z_erofs_runqueue+0xf30/0x104c [65731.260314] [T32454] z_erofs_readahead+0x4f0/0x968 [65731.260339] [T32454] read_pages+0x170/0xadc [65731.260364] [T32454] page_cache_ra_unbounded+0x874/0xf30 [65731.260388] [T32454] page_cache_ra_order+0x24c/0x714 [65731.260411] [T32454] filemap_fault+0xbf0/0x1a74 [65731.260437] [T32454] __do_fault+0xd0/0x33c [65731.260462] [T32454] handle_mm_fault+0xf74/0x3fe0 [65731.260486] [T32454] do_mem_abort+0x54c/0x1b34 [65731.260509] [T32454] el0_da+0x44/0x94 [65731.260531] [T32454] el0t_64_sync_handler+0x98/0xb4 [65731.260553] [T32454] el0t_64_sync+0x198/0x19c

Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.

CVSS 4.0 Severity and Vector Strings:

NIST: NVD

N/A

NVD assessment not yet provided.

CVSS 3.x Severity and Vector Strings:

NIST: NVD

Base Score: 5.5 MEDIUM

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0 Severity and Vector Strings:

National Institute of Standards and Technology

NIST: NVD

Base Score: N/A

NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL	Source(s)	Tag(s)
https://git.kernel.org/stable/c/198a80833e3421d4c9820a4ae907120adf598c91	CVE, kernel.org	Mailing List Patch
https://git.kernel.org/stable/c/758678b65164b2158fc1de411092191cb3c394d4	CVE, kernel.org	Mailing List Patch
https://git.kernel.org/stable/c/8e0545c83d672750632f46e3f9ad95c48c91a0fc	CVE, kernel.org	Mailing List Patch
https://git.kernel.org/stable/c/c55d3564ad25ce87ab7cc6af251f9574faebd8da	CVE, kernel.org	Mailing List Patch
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html	CVE

Weakness Enumeration

CWE-ID	CWE Name	Source
CWE-770	Allocation of Resources Without Limits or Throttling	NIST

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

6 change records found show changes

CVE Modified by kernel.org 6/17/2026 3:41:59 AM

Action

Type

Old Value

New Value

Added

Affected

[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["mm/vmalloc.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"9376130c390a76fac2788a5d6e1a149017b4ab50","lessThan":"198a80833e3421d4c9820a4ae907120adf598c91","versionType":"git","status":"affected"},{"version":"9376130c390a76fac2788a5d6e1a149017b4ab50","lessThan":"c55d3564ad25ce87ab7cc6af251f9574faebd8da","versionType":"git","status":"affected"},{"version":"9376130c390a76fac2788a5d6e1a149017b4ab50","lessThan":"758678b65164b2158fc1de411092191cb3c394d4","versionType":"git","status":"affected"},{"version":"9376130c390a76fac2788a5d6e1a149017b4ab50","lessThan":"8e0545c83d672750632f46e3f9ad95c48c91a0fc","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["mm/vmalloc.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.17","status":"affected"},{"version":"0","lessThan":"5.17","versionType":"semver","status":"unaffected"},{"version":"6.1.95","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.34","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.9.5","lessThanOrEqual":"6.9.*","versionType":"semver","status":"unaffected"},{"version":"6.10","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]

CVE Modified by CVE 11/21/2024 4:27:44 AM

Action	Type	New Value
Added	Reference	https://git.kernel.org/stable/c/198a80833e3421d4c9820a4ae907120adf598c91
Added	Reference	https://git.kernel.org/stable/c/758678b65164b2158fc1de411092191cb3c394d4
Added	Reference	https://git.kernel.org/stable/c/8e0545c83d672750632f46e3f9ad95c48c91a0fc
Added	Reference	https://git.kernel.org/stable/c/c55d3564ad25ce87ab7cc6af251f9574faebd8da

Initial Analysis by NIST 7/08/2024 1:11:56 PM

Action	Type	Old Value	New Value
Added	CVSS V3.1		NIST AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Added	CWE		NIST CWE-770
Added	CPE Configuration		OR cpe:2.3:o:linux:linux_kernel::::::::* versions up to (excluding) 5.17 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 6.1 up to (excluding) 6.1.95 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 6.6 up to (excluding) 6.6.34 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 6.9 up to (excluding) 6.9.5
Changed	Reference Type	https://git.kernel.org/stable/c/198a80833e3421d4c9820a4ae907120adf598c91 No Types Assigned	https://git.kernel.org/stable/c/198a80833e3421d4c9820a4ae907120adf598c91 Mailing List, Patch
Changed	Reference Type	https://git.kernel.org/stable/c/758678b65164b2158fc1de411092191cb3c394d4 No Types Assigned	https://git.kernel.org/stable/c/758678b65164b2158fc1de411092191cb3c394d4 Mailing List, Patch
Changed	Reference Type	https://git.kernel.org/stable/c/8e0545c83d672750632f46e3f9ad95c48c91a0fc No Types Assigned	https://git.kernel.org/stable/c/8e0545c83d672750632f46e3f9ad95c48c91a0fc Mailing List, Patch
Changed	Reference Type	https://git.kernel.org/stable/c/c55d3564ad25ce87ab7cc6af251f9574faebd8da No Types Assigned	https://git.kernel.org/stable/c/c55d3564ad25ce87ab7cc6af251f9574faebd8da Mailing List, Patch

New CVE Received from kernel.org 7/05/2024 3:15:10 AM

Action	Type	New Value
Added	Description	Record truncated, showing 2048 of 2758 characters. View Entire Change Record In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: fix vmalloc which may return null if called with __GFP_NOFAIL commit a421ef303008 ("mm: allow !GFP_KERNEL allocations for kvmalloc") includes support for __GFP_NOFAIL, but it presents a conflict with commit dd544141b9eb ("vmalloc: back off when the current task is OOM-killed"). A possible scenario is as follows: process-a __vmalloc_node_range(GFP_KERNEL \| __GFP_NOFAIL) __vmalloc_area_node() vm_area_alloc_pages() --> oom-killer send SIGKILL to process-a if (fatal_signal_pending(current)) break; --> return NULL; To fix this, do not check fatal_signal_pending() in vm_area_alloc_pages() if __GFP_NOFAIL set. This issue occurred during OPLUS KASAN TEST. Below is part of the log -> oom-killer sends signal to process [65731.222840] [ T1308] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/apps/uid_10198,task=gs.intelligence,pid=32454,uid=10198 [65731.259685] [T32454] Call trace: [65731.259698] [T32454] dump_backtrace+0xf4/0x118 [65731.259734] [T32454] show_stack+0x18/0x24 [65731.259756] [T32454] dump_stack_lvl+0x60/0x7c [65731.259781] [T32454] dump_stack+0x18/0x38 [65731.259800] [T32454] mrdump_common_die+0x250/0x39c [mrdump] [65731.259936] [T32454] ipanic_die+0x20/0x34 [mrdump] [65731.260019] [T32454] atomic_notifier_call_chain+0xb4/0xfc [65731.260047] [T32454] notify_die+0x114/0x198 [65731.260073] [T32454] die+0xf4/0x5b4 [65731.260098] [T32454] die_kernel_fault+0x80/0x98 [65731.260124] [T32454] __do_kernel_fault+0x160/0x2a8 [65731.260146] [T32454] do_bad_area+0x68/0x148 [65731.260174] [T32454] do_mem_abort+0x151c/0x1b34 [65731.260204] [T32454] el1_abort+0x3c/0x5c [65731.260227] [T32454] el1h_64_sync_handler+0x54/0x90 [65731.260248] [T32454] el1h_64_sync+0x68/0x6c [65731.260269] [T32454] z_erofs_decompress_queue+0x7f0/0x2258 --> be->decompressed_pages = kvcalloc(be->nr_pages, sizeof(struct page *), GFP_KERNEL \| __GFP_NOFAIL); kernel panic by NUL
Added	Reference	kernel.org https://git.kernel.org/stable/c/198a80833e3421d4c9820a4ae907120adf598c91 [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/758678b65164b2158fc1de411092191cb3c394d4 [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/8e0545c83d672750632f46e3f9ad95c48c91a0fc [No types assigned]
Added	Reference	kernel.org https://git.kernel.org/stable/c/c55d3564ad25ce87ab7cc6af251f9574faebd8da [No types assigned]

Quick Info

CVE Dictionary Entry:
CVE-2024-39474
NVD Published Date:
07/05/2024
NVD Last Modified:
06/17/2026
Source:
kernel.org

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database

CVE-2024-39474 Detail

Description

Metrics

References to Advisories, Solutions, and Tools

Weakness Enumeration

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Change History

CVE Modified by CISA-ADP 6/17/2026 3:41:59 AM

CVE Modified by kernel.org 6/17/2026 3:41:59 AM

CVE Modified by CVE 11/03/2025 5:17:04 PM

CVE Modified by CVE 11/21/2024 4:27:44 AM

Initial Analysis by NIST 7/08/2024 1:11:56 PM

New CVE Received from kernel.org 7/05/2024 3:15:10 AM

Quick Info