CVE-2024-52319

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-52319
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-52319.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-52319
Downstream
Related
Published
2025-01-11T13:15:24Z
Modified
2025-09-23T14:40:30Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

mm: use aligned address in cleargiganticpage()

In current kernel, hugetlbnopage() calls foliozerouser() with the fault address. Where the fault address may be not aligned with the huge page size. Then, foliozerouser() may call cleargiganticpage() with the address, while cleargiganticpage() requires the address to be huge page size aligned. So, this may cause memory corruption or information leak, addtional, use more obvious naming 'addrhint' instead of 'addr' for cleargigantic_page().

References

Affected packages