CVE-2024-35831

Looking at the error path of __iouaddrmap, if we fail after pinning the pages for any reasons, ret will be set to -EINVAL and the error handler won't properly release the pinned pages.

I didn't manage to trigger it without forcing a failure, but it can happen in real life when memory is heavily fragmented.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/35xxx/CVE-2024-35831.json",
    "cna_assigner": "Linux"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

223ef474316466e9f61f6e0064f3a6fe4923a2c5

Fixed

0b6f39c175ba5f0ef72bdb3b9d2a06ad78621d62

Fixed

712e2c8415f55a4a4ddaa98a430b87f624109f69

Fixed

4d376d7ad62b6a8e8dfff56b559d9d275e5b9b3a

Fixed

67d1189d1095d471ed7fa426c7e384a7140a5dd7

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

3f3164ce6396138747984ee9e61158e248246300

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-35831.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.6.0

Fixed

6.6.23

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.7.11

Type: ECOSYSTEM
Events: Introduced

6.8.0

Fixed

6.8.2

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-35831.json"