CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-46847: mm: vmalloc: ensure vmap_block is initialised before adding to queue

5.5 CVSS

Description

In the Linux kernel, the following vulnerability has been resolved:

mm: vmalloc: ensure vmap_block is initialised before adding to queue

Commit 8c61291fd850 ("mm: fix incorrect vbq reference in
purge_fragmented_block") extended the 'vmap_block' structure to contain a
'cpu' field which is set at allocation time to the id of the initialising
CPU.

When a new 'vmap_block' is being instantiated by new_vmap_block(), the
partially initialised structure is added to the local 'vmap_block_queue'
xarray before the 'cpu' field has been initialised. If another CPU is
concurrently walking the xarray (e.g. via vm_unmap_aliases()), then it
may perform an out-of-bounds access to the remote queue thanks to an
uninitialised index.

This has been observed as UBSAN errors in Android:

Move the initialisation of 'vb->cpu' in new_vmap_block() ahead of the
addition to the xarray.

Classification

CVE ID: CVE-2024-46847

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.5

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.03% (probability of being exploited)

EPSS Percentile: 7.43% (scored less or equal to compared to others)

EPSS Date: 2025-06-02 (when was this score calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: partial

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2024-46847
https://git.kernel.org/stable/c/1b2770e27d6d952f491bb362b657e5b2713c3efd
https://git.kernel.org/stable/c/6cf74e0e5e3ab5d5c9defb4c73dad54d52224671
https://git.kernel.org/stable/c/3e3de7947c751509027d26b679ecd243bc9db255

Timeline

2025-05-04 10:40:19 UTC
CVE

mm: vmalloc: ensure vmap_block is initialised before adding to queue