CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-51729: mm: use aligned address in copy_user_gigantic_page()

Description

In the Linux kernel, the following vulnerability has been resolved:

mm: use aligned address in copy_user_gigantic_page()

In current kernel, hugetlb_wp() calls copy_user_large_folio() with the
fault address. Where the fault address may be not aligned with the huge
page size. Then, copy_user_large_folio() may call
copy_user_gigantic_page() with the address, while
copy_user_gigantic_page() requires the address to be huge page size
aligned. So, this may cause memory corruption or information leak,
addtional, use more obvious naming 'addr_hint' instead of 'addr' for
copy_user_gigantic_page().

Classification

CVE ID: CVE-2024-51729

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.47% (scored less or equal to compared to others)

EPSS Date: 2025-02-09 (when was this score calculated)

References

https://git.kernel.org/stable/c/cb12d61361ce769672c7c7bd32107252598cdd8b
https://git.kernel.org/stable/c/f5d09de9f1bf9674c6418ff10d0a40cfe29268e1

Timeline

2025-01-12 00:30:25 UTC
CVE

mm: use aligned address in copy_user_gigantic_page()
2025-03-06 09:45:33 UTC
Tenable Plugins

Linux Distros Unpatched Vulnerability : CVE-2024-51729