CVE-2024-49872

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-49872
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-49872.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-49872
Downstream
Related
Published
2024-10-21T18:01:13Z
Modified
2025-10-17T13:50:05.322932Z
Summary
mm/gup: fix memfd_pin_folios alloc race panic
Details

In the Linux kernel, the following vulnerability has been resolved:

mm/gup: fix memfdpinfolios alloc race panic

If memfdpinfolios tries to create a hugetlb page, but someone else already did, then folio gets the value -EEXIST here:

    folio = memfd_alloc_folio(memfd, start_idx);
    if (IS_ERR(folio)) {
            ret = PTR_ERR(folio);
            if (ret != -EEXIST)
                    goto err;

then on the next trip through the "while start_idx" loop we panic here:

    if (folio) {
            folio_put(folio);

To fix, set the folio to NULL on error.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
89c1905d9c140372b7f50ef48f42378cf85d9bc5
Fixed
e28f39b359c0cfdcc011603e51187085a5f1e5e3
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
89c1905d9c140372b7f50ef48f42378cf85d9bc5
Fixed
ce645b9fdc78ec5d28067286e92871ddae6817d5

Affected versions

v6.*

v6.10
v6.10-rc7
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.11.1
v6.11.2

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.11.0
Fixed
6.11.3