CVE-2024-52319
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-52319
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-52319.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-52319
- Downstream
- Related
- Published
- 2025-01-11T13:15:24Z
- Modified
- 2025-09-23T14:40:30Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
mm: use aligned address in cleargiganticpage()
In current kernel, hugetlbnopage() calls foliozerouser() with the fault address. Where the fault address may be not aligned with the huge page size. Then, foliozerouser() may call cleargiganticpage() with the address, while cleargiganticpage() requires the address to be huge page size aligned. So, this may cause memory corruption or information leak, addtional, use more obvious naming 'addrhint' instead of 'addr' for cleargigantic_page().
- References