CVE-2024-46838
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-46838
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-46838.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-46838
- Downstream
- Published
- 2024-09-27T12:39:33Z
- Modified
- 2025-10-17T12:32:33.505937Z
- Summary
- userfaultfd: don't BUG_ON() if khugepaged yanks our page table
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
userfaultfd: don't BUG_ON() if khugepaged yanks our page table
Since khugepaged was changed to allow retracting page tables in file mappings without holding the mmap lock, these BUG_ON()s are wrong - get rid of them.
We could also remove the preceding "if (unlikely(...))" block, but then we could reach pteoffsetmap_lock() with transhuge pages not just for file mappings but also for anonymous mappings - which would probably be fine but I think is not necessarily expected.
- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced1d65b771bc08cd054cf6d3766a72e113dc46d62fFixed4a594acc12d5954cdc71d4450a386748bf3d136a
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced1d65b771bc08cd054cf6d3766a72e113dc46d62fFixeddb978287e908d48b209e374b00d847b2d785e0a9
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced1d65b771bc08cd054cf6d3766a72e113dc46d62fFixed4828d207dc5161dc7ddf9a4f6dcfd80c7dd7d20a
Affected versions
v6.*
v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.10.1
v6.10.2
v6.10.3
v6.10.4
v6.10.5
v6.10.6
v6.10.7
v6.10.8
v6.10.9
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.5
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.26
v6.6.27
v6.6.28
v6.6.29
v6.6.3
v6.6.30
v6.6.31
v6.6.32
v6.6.33
v6.6.34
v6.6.35
v6.6.36
v6.6.37
v6.6.38
v6.6.39
v6.6.4
v6.6.40
v6.6.41
v6.6.42
v6.6.43
v6.6.44
v6.6.45
v6.6.46
v6.6.47
v6.6.48
v6.6.49
v6.6.5
v6.6.50
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7
Database specific
vanir_signatures
[
{
"signature_type": "Function",
"id": "CVE-2024-46838-2b1534a6",
"digest": {
"length": 2372.0,
"function_hash": "18098536033945534800877059606035760453"
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4a594acc12d5954cdc71d4450a386748bf3d136a",
"target": {
"function": "mfill_atomic",
"file": "mm/userfaultfd.c"
},
"signature_version": "v1"
},
{
"signature_type": "Function",
"id": "CVE-2024-46838-562c19cf",
"digest": {
"length": 2402.0,
"function_hash": "170389505882703913777074609827506956741"
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@db978287e908d48b209e374b00d847b2d785e0a9",
"target": {
"function": "mfill_atomic",
"file": "mm/userfaultfd.c"
},
"signature_version": "v1"
},
{
"signature_type": "Line",
"id": "CVE-2024-46838-7cd56796",
"digest": {
"threshold": 0.9,
"line_hashes": [
"96004666317817565490530309859873995859",
"241633244378867718815318597344981592374",
"141521045634378977496508178583805378610",
"337467240914743176470093672690867559397",
"306209937873552094189038798601210212862"
]
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4a594acc12d5954cdc71d4450a386748bf3d136a",
"target": {
"file": "mm/userfaultfd.c"
},
"signature_version": "v1"
},
{
"signature_type": "Line",
"id": "CVE-2024-46838-8c8cb55e",
"digest": {
"threshold": 0.9,
"line_hashes": [
"96004666317817565490530309859873995859",
"241633244378867718815318597344981592374",
"141521045634378977496508178583805378610",
"337467240914743176470093672690867559397",
"306209937873552094189038798601210212862"
]
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@db978287e908d48b209e374b00d847b2d785e0a9",
"target": {
"file": "mm/userfaultfd.c"
},
"signature_version": "v1"
},
{
"signature_type": "Line",
"id": "CVE-2024-46838-ad2ede8f",
"digest": {
"threshold": 0.9,
"line_hashes": [
"96004666317817565490530309859873995859",
"241633244378867718815318597344981592374",
"141521045634378977496508178583805378610",
"337467240914743176470093672690867559397",
"306209937873552094189038798601210212862"
]
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4828d207dc5161dc7ddf9a4f6dcfd80c7dd7d20a",
"target": {
"file": "mm/userfaultfd.c"
},
"signature_version": "v1"
},
{
"signature_type": "Function",
"id": "CVE-2024-46838-fbd742b0",
"digest": {
"length": 2467.0,
"function_hash": "142792275286545535933077538691253461308"
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4828d207dc5161dc7ddf9a4f6dcfd80c7dd7d20a",
"target": {
"function": "mfill_atomic",
"file": "mm/userfaultfd.c"
},
"signature_version": "v1"
}
]