Lucene search

K
redhatcveRedhat.comRH:CVE-2024-35846
HistoryMay 18, 2024 - 1:07 a.m.

CVE-2024-35846

2024-05-1801:07:47
redhat.com
access.redhat.com
1
linux kernel
vulnerability
zswap
null crash
memcg
mitigation

6.4 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

In the Linux kernel, the following vulnerability has been resolved: mm: zswap: fix shrinker NULL crash with cgroup_disable=memory Christian reports a NULL deref in zswap that he bisected down to the zswap shrinker. The issue also cropped up in the bug trackers of libguestfs [1] and the Red Hat bugzilla [2]. The problem is that when memcg is disabled with the boot time flag, the zswap shrinker might get called with sc->memcg == NULL. This is okay in many places, like the lruvec operations. But it crashes in memcg_page_state() - which is only used due to the non-node accounting of cgroup’s the zswap memory to begin with. Nhat spotted that the memcg can be NULL in the memcg-disabled case, and I was then able to reproduce the crash locally as well. [1] https://github.com/libguestfs/libguestfs/issues/139 [2] https://bugzilla.redhat.com/show_bug.cgi?id=2275252

6.4 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%