CVE-2024-40917

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-40917
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-40917.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-40917
Downstream
Published
2024-07-12T12:25:00.175Z
Modified
2025-11-15T23:52:17.880435Z
Summary
memblock: make memblock_set_node() also warn about use of MAX_NUMNODES
Details

In the Linux kernel, the following vulnerability has been resolved:

memblock: make memblocksetnode() also warn about use of MAX_NUMNODES

On an (old) x86 system with SRAT just covering space above 4Gb:

ACPI: SRAT: Node 0 PXM 0 [mem 0x100000000-0xfffffffff] hotplug

the commit referenced below leads to this NUMA configuration no longer being refused by a CONFIG_NUMA=y kernel (previously

NUMA: nodes only cover 6144MB of your 8185MB e820 RAM. Not used.
No NUMA configuration found
Faking a node at [mem 0x0000000000000000-0x000000027fffffff]

was seen in the log directly after the message quoted above), because of memblockvalidatenumacoverage() checking for NUMANONODE (only). This in turn led to memblockallocrangenid()'s warning about MAXNUMNODES triggering, followed by a NULL deref in memmapinit() when trying to access node 64's (NODE_SHIFT=6) node data.

To compensate said change, make memblocksetnode() warn on and adjust a passed in value of MAX_NUMNODES, just like various other functions already do.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
6fdc770506eb8379bf68a49d4e193c8364ac64e0
Fixed
4ddb7f966f3d06fcf1ba5ee298af6714b593584b
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
ff6c3d81f2e86b63a3a530683f89ef393882782a
Fixed
22f742b8f738918f683198a18ec3c691acda14c4
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
ff6c3d81f2e86b63a3a530683f89ef393882782a
Fixed
e0eec24e2e199873f43df99ec39773ad3af2bff7

Affected versions

v6.*

v6.10-rc1
v6.6.70
v6.6.71
v6.7
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7
v6.9.1
v6.9.2
v6.9.3
v6.9.4
v6.9.5

Database specific

vanir_signatures

[
    {
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e0eec24e2e199873f43df99ec39773ad3af2bff7",
        "signature_type": "Line",
        "target": {
            "file": "mm/memblock.c"
        },
        "id": "CVE-2024-40917-28985c30",
        "digest": {
            "line_hashes": [
                "272660939765790677638087800701862651556",
                "190456233484622953296735111249364190758",
                "139297346545167353230907938887935540166"
            ],
            "threshold": 0.9
        },
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4ddb7f966f3d06fcf1ba5ee298af6714b593584b",
        "signature_type": "Function",
        "target": {
            "function": "memblock_set_node",
            "file": "mm/memblock.c"
        },
        "id": "CVE-2024-40917-289d8e3e",
        "digest": {
            "length": 358.0,
            "function_hash": "127302264967853951841710228344922788089"
        },
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4ddb7f966f3d06fcf1ba5ee298af6714b593584b",
        "signature_type": "Line",
        "target": {
            "file": "mm/memblock.c"
        },
        "id": "CVE-2024-40917-5dbf88dc",
        "digest": {
            "line_hashes": [
                "272660939765790677638087800701862651556",
                "190456233484622953296735111249364190758",
                "139297346545167353230907938887935540166"
            ],
            "threshold": 0.9
        },
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@22f742b8f738918f683198a18ec3c691acda14c4",
        "signature_type": "Line",
        "target": {
            "file": "mm/memblock.c"
        },
        "id": "CVE-2024-40917-90ebdb08",
        "digest": {
            "line_hashes": [
                "272660939765790677638087800701862651556",
                "190456233484622953296735111249364190758",
                "139297346545167353230907938887935540166"
            ],
            "threshold": 0.9
        },
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e0eec24e2e199873f43df99ec39773ad3af2bff7",
        "signature_type": "Function",
        "target": {
            "function": "memblock_set_node",
            "file": "mm/memblock.c"
        },
        "id": "CVE-2024-40917-94de2d61",
        "digest": {
            "length": 358.0,
            "function_hash": "127302264967853951841710228344922788089"
        },
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@22f742b8f738918f683198a18ec3c691acda14c4",
        "signature_type": "Function",
        "target": {
            "function": "memblock_set_node",
            "file": "mm/memblock.c"
        },
        "id": "CVE-2024-40917-ccd74f4d",
        "digest": {
            "length": 358.0,
            "function_hash": "127302264967853951841710228344922788089"
        },
        "deprecated": false
    }
]

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.6.72
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.9.6