CVE-2024-41055

2024-07-2915:15:13

CWE-476

Linux

web.nvd.nist.gov

linux kernel

cve-2024-41055

vulnerability

mm subsystem

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.5

Confidence

Low

EPSS

Percentile

5.0%

JSON

In the Linux kernel, the following vulnerability has been resolved:

mm: prevent derefencing NULL ptr in pfn_section_valid()

Commit 5ec8e8ea8b77 (“mm/sparsemem: fix race in accessing
memory_section->usage”) changed pfn_section_valid() to add a READ_ONCE()
call around “ms->usage” to fix a race with section_deactivate() where
ms->usage can be cleared. The READ_ONCE() call, by itself, is not enough
to prevent NULL pointer dereference. We need to check its value before
dereferencing it.

Affected configurations

Nvd

Vulners

Node

linuxlinux_kernelRange5.10.219–5.10.222

linuxlinux_kernelRange5.15.149–5.15.163

linuxlinux_kernelRange6.1.76–6.1.100

linuxlinux_kernelRange6.6.15–6.6.41

linuxlinux_kernelRange6.8–6.9.10

VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
linux	linux_kernel	*	cpe:2.3:o:linux:linux_kernel::::::::

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "include/linux/mmzone.h"
    ],
    "versions": [
      {
        "version": "90ad17575d26",
        "lessThan": "0100aeb8a12d",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "b448de2459b6",
        "lessThan": "bc17f2377818",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "68ed9e333240",
        "lessThan": "941e81618566",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "70064241f222",
        "lessThan": "797323d1cf92",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "5ec8e8ea8b77",
        "lessThan": "adccdf702b4e",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "5ec8e8ea8b77",
        "lessThan": "82f0b6f041fa",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "include/linux/mmzone.h"
    ],
    "versions": [
      {
        "version": "6.8",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "6.8",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.10.222",
        "lessThanOrEqual": "5.10.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.15.163",
        "lessThanOrEqual": "5.15.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.1.100",
        "lessThanOrEqual": "6.1.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.6.41",
        "lessThanOrEqual": "6.6.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.9.10",
        "lessThanOrEqual": "6.9.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.10",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]