CVE-2024-50263
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
11/11/2024
Last modified:
09/12/2024
Description
In the Linux kernel, the following vulnerability has been resolved:

fork: only invoke khugepaged, ksm hooks if no error

There is no reason to invoke these hooks early against an mm that is in an
incomplete state.

The change in commit d24062914837 ("fork: use __mt_dup() to duplicate
maple tree in dup_mmap()") makes this more pertinent as we may be in a
state where entries in the maple tree are not yet consistent.

Their placement early in dup_mmap() only appears to have been meaningful
for early error checking, and since functionally it'd require a very small
allocation to fail (in practice 'too small to fail') that'd only occur in
the most dire circumstances, meaning the fork would fail or be OOM'd in
any case.

Since both khugepaged and KSM tracking are there to provide optimisations
to memory performance rather than critical functionality, it doesn't
really matter all that much if, under such dire memory pressure, we fail
to register an mm with these.

As a result, we follow the example of commit d2081b2bf819 ("mm:
khugepaged: make khugepaged_enter() void function") and make ksm_fork() a
void function also.

We only expose the mm to these functions once we are done with them and
only if no error occurred in the fork operation.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.8 (including) | 6.11.7 (excluding) |
cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:* | ||
cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:* | ||
cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:* | ||
cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:* | ||
cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:* |