35 matches found
CVE-2024-36000
CVE-2024-36000 addresses a synchronization issue in the Linux kernel's management of huge pages. The problem arises when multiple threads modify the reservation map concurrently without proper locking, leading to potential inconsistencies and system instability...
DEBIAN-CVE-2024-36000
In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix missing hugetlblock for resv uncharge There is a recent report on UFFDIOCOPY over hugetlb: https://lore.kernel.org/all/[email protected]/ 350: lockdepassertheld&hugetlblock; Should be an issu...
AZL-67703 CVE-2024-36000 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix missing hugetlblock for resv uncharge There is a recent report on UFFDIOCOPY over hugetlb: https://lore.kernel.org/all/[email protected]/ 350: lockdepassertheld&hugetlblock; Should be an issu...
CVE-2024-36000
In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix missing hugetlblock for resv uncharge There is a recent report on UFFDIOCOPY over hugetlb: https://lore.kernel.org/all/[email protected]/ 350: lockdepassertheld&hugetlblock; Should be an issu...
CVE-2024-36000
In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix missing hugetlblock for resv uncharge There is a recent report on UFFDIOCOPY over hugetlb: https://lore.kernel.org/all/[email protected]/ 350: lockdepassertheld&hugetlblock; Should be an issu...
UBUNTU-CVE-2024-36000
In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix missing hugetlblock for resv uncharge There is a recent report on UFFDIOCOPY over hugetlb: https://lore.kernel.org/all/[email protected]/ 350: lockdepassertheld&hugetlblock; Should be an issu...
CVE-2024-36000
The vulnerability CVE-2024-36000 is a Linux kernel issue where mm/hugetlb could miss acquiring hugetlb_lock during resv uncharge, particularly in a userfault context via UFFDIO_COPY. The root cause is locking criteria being overlooked in hugetlb_cgroup_uncharge_folio_rsvd(), which updates the cgr...
CVE-2024-36000 mm/hugetlb: fix missing hugetlb_lock for resv uncharge
In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix missing hugetlblock for resv uncharge There is a recent report on UFFDIOCOPY over hugetlb: https://lore.kernel.org/all/[email protected]/ 350: lockdepassertheld&hugetlblock; Should be an issu...
PT-2024-26837
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue is related to a missing lock in the hugetlb code, which can be triggered in an userfault context. This occurs when two threads modify the resv map together, going into an...
kernel: mm: hugetlb: fix UAF in hugetlb_handle_userfault
In the Linux kernel, the following vulnerability has been resolved: mm: hugetlb: fix UAF in hugetlbhandleuserfault The vmalock and hugetlbfaultmutex are dropped before handling userfault and reacquire them again after handleuserfault, but reacquire the vmalock could lead to UAF1,2 due to the...
GSD-2022-1007213 mm: hugetlb: fix UAF in hugetlb_handle_userfault
mm: hugetlb: fix UAF in hugetlbhandleuserfault This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.150 by commit...
GSD-2022-1006713 mm: hugetlb: fix UAF in hugetlb_handle_userfault
mm: hugetlb: fix UAF in hugetlbhandleuserfault This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.3 by commit...
PT-2022-35254 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.75 Description: The issue is related to a use-after-free UAF bug in the hugetlb handle userfault function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux...
PT-2022-34968 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.3 Description: The issue is related to a use-after-free UAF error in the hugetlb handle userfault function. The actual impact and attack plausibility have not yet been proven. It was introduced in version...
PT-2022-35468 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.150 Description: The issue is related to a use-after-free UAF bug in the hugetlb handle userfault function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux...