{ "threat_severity" : "Moderate", "public_date" : "2024-09-11T00:00:00Z", "bugzilla" : { "description" : "kernel: mm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0", "id" : "2311719", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2311719" }, "cvss3" : { "cvss3_base_score" : "5.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-119", "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nmm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0\nThe __vmap_pages_range_noflush() assumes its argument pages** contains\npages with the same page shift. However, since commit e9c3cda4d86e (\"mm,\nvmalloc: fix high order __GFP_NOFAIL allocations\"), if gfp_flags includes\n__GFP_NOFAIL with high order in vm_area_alloc_pages() and page allocation\nfailed for high order, the pages** may contain two different page shifts\n(high order and order-0). This could lead __vmap_pages_range_noflush() to\nperform incorrect mappings, potentially resulting in memory corruption.\nUsers might encounter this as follows (vmap_allow_huge = true, 2M is for\nPMD_SIZE):\nkvmalloc(2M, __GFP_NOFAIL|GFP_X)\n__vmalloc_node_range_noprof(vm_flags=VM_ALLOW_HUGE_VMAP)\nvm_area_alloc_pages(order=9) ---> order-9 allocation failed and fallback to order-0\nvmap_pages_range()\nvmap_pages_range_noflush()\n__vmap_pages_range_noflush(page_shift = 21) ----> wrong mapping happens\nWe can remove the fallback code because if a high-order allocation fails,\n__vmalloc_node_range_noprof() will retry with order-0. Therefore, it is\nunnecessary to fallback to order-0 here. Therefore, fix this by removing\nthe fallback code.", "Incorrect mappings in __vmap_pages_range_noflush() in the Linux kernel, may lead to memory corruption." ], "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2025-05-13T00:00:00Z", "advisory" : "RHSA-2025:6966", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-570.12.1.el9_6" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2025-05-13T00:00:00Z", "advisory" : "RHSA-2025:6966", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-570.12.1.el9_6" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Out of support scope", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Will not fix", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-45022\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-45022\nhttps://lore.kernel.org/linux-cve-announce/2024091109-CVE-2024-45022-08f3@gregkh/T" ], "name" : "CVE-2024-45022", "csaw" : false }