DEBIAN-CVE-2024-39477

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2024-39477

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2024-39477.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2024-39477

Upstream

CVE-2024-39477

Published

2024-07-05T07:15:10Z

Modified

2025-09-25T22:40:44Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: do not call vmaaddreservation upon ENOMEM sysbot reported a splat [1] on _unmaphugepagerange(). This is because vmaneedsreservation() can return -ENOMEM if allocatefileregionentries() fails to allocate the fileregion struct for the reservation. Check for that and do not call vmaaddreservation() if that is the case, otherwise regionabort() and regiondel() will see that we do not have any fileregions. If we detect that vmaneedsreservation() returned -ENOMEM, we clear the hugetlbrestorereserve flag as if this reservation was still consumed, so freehugefolio() will not increment the resv count. [1] https://lore.kernel.org/linux-mm/0000000000004096100617c58d54@google.com/T/#ma5983bc1ab18a54910da83416b3f89f3c7ee43aa

References

https://security-tracker.debian.org/tracker/CVE-2024-39477

Affected packages

Debian:13 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.9.7-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.9.7-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}