CVE-2024-26621

mm: huge_memory: don't force huge page alignment on 32 bit

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: mm: huge_memory: don't force huge page alignment on 32 bit commit efa7df3e3bb5 ("mm: align larger anonymous mappings on THP
boundaries") caused two issues [1] [2] reported on 32 bit system or compat
userspace. It doesn't make too much sense to force huge page alignment on 32 bit
system due to the constrained virtual address space. [1] https://lore.kernel.org/linux-mm/d0a136a0-4a31-46bc-adf4-2db109a61672@kernel.org/
[2] https://lore.kernel.org/linux-mm/CAJuCfpHXLdQy1a2B6xN2d7quTYwg2OoZseYPZTRpU0eHHKD-sQ@mail.gmail.com/

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: mm: huge_memory: no forzar una alineación de página enorme en el commit de 32 bits efa7df3e3bb5 ("mm: alinear asignaciones anónimas más grandes en los límites de THP") causó dos problemas [1] [2] informado en un sistema de 32 bits o espacio de usuario compatible. No tiene mucho sentido forzar una gran alineación de páginas en un sistema de 32 bits debido al espacio limitado de direcciones virtuales. [1] https://lore.kernel.org/linux-mm/d0a136a0-4a31-46bc-adf4-2db109a61672@kernel.org/ [2] https://lore.kernel.org/linux-mm/CAJuCfpHXLdQy1a2B6xN2d7quTYwg2OoZseYPZTRpU0eHHKD- sQ@mail.gmail.com/

In the Linux kernel, the following vulnerability has been resolved: mm: huge_memory: don't force huge page alignment on 32 bit commit efa7df3e3bb5 ("mm: align larger anonymous mappings on THP boundaries") caused two issues [1] [2] reported on 32 bit system or compat userspace. It doesn't make too much sense to force huge page alignment on 32 bit system due to the constrained virtual address space. [1] https://lore.kernel.org/linux-mm/d0a136a0-4a31-46bc-adf4-2db109a61672@kernel.org/ [2] https://lore.kernel.org/linux-mm/CAJuCfpHXLdQy1a2B6xN2d7quTYwg2OoZseYPZTRpU0eHHKD-sQ@mail.gmail.com/

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

*Credits: N/A

CVSS Scores

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Complete

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-19 CVE Reserved
2024-03-02 CVE Published
2024-12-19 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (26)

URL	Tag	Source
https://git.kernel.org/stable/c/1854bc6e2420472676c5c90d3d6b15f6cd640e40	Vuln. Introduced
http://www.openwall.com/lists/oss-security/2024/07/08/3
http://www.openwall.com/lists/oss-security/2024/07/08/4
http://www.openwall.com/lists/oss-security/2024/07/08/5
http://www.openwall.com/lists/oss-security/2024/07/08/6
http://www.openwall.com/lists/oss-security/2024/07/08/7
http://www.openwall.com/lists/oss-security/2024/07/08/8
http://www.openwall.com/lists/oss-security/2024/07/09/1
http://www.openwall.com/lists/oss-security/2024/07/10/5
http://www.openwall.com/lists/oss-security/2024/07/10/7
http://www.openwall.com/lists/oss-security/2024/07/10/8
http://www.openwall.com/lists/oss-security/2024/07/11/4
http://www.openwall.com/lists/oss-security/2024/07/11/5
http://www.openwall.com/lists/oss-security/2024/07/11/7
http://www.openwall.com/lists/oss-security/2024/07/12/3
http://www.openwall.com/lists/oss-security/2024/07/13/2
http://www.openwall.com/lists/oss-security/2024/07/13/7
http://www.openwall.com/lists/oss-security/2024/07/15/1
http://www.openwall.com/lists/oss-security/2024/07/15/2
http://www.openwall.com/lists/oss-security/2024/07/16/1
http://www.openwall.com/lists/oss-security/2024/07/16/2
https://zolutal.github.io/aslrnt

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/87632bc9ecff5ded93433bc0fca428019bdd1cfe	2024-03-06
https://git.kernel.org/stable/c/6ea9aa8d97e6563676094cb35755884173269555	2024-08-14
https://git.kernel.org/stable/c/7432376c913381c5f24d373a87ff629bbde94b47	2024-02-23
https://git.kernel.org/stable/c/4ef9ad19e17676b9ef071309bc62020e2373705d	2024-01-26

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.18 < 6.1.81 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.18 < 6.1.81"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.18 < 6.6.46 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.18 < 6.6.46"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.18 < 6.7.6 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.18 < 6.7.6"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.18 < 6.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.18 < 6.8"		en		Affected