cve-2024-41031
Vulnerability from cvelistv5
Published
2024-07-29 14:31
Modified
2024-12-19 09:10
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: mm/filemap: skip to create PMD-sized page cache if needed On ARM64, HPAGE_PMD_ORDER is 13 when the base page size is 64KB. The PMD-sized page cache can't be supported by xarray as the following error messages indicate. ------------[ cut here ]------------ WARNING: CPU: 35 PID: 7484 at lib/xarray.c:1025 xas_split_alloc+0xf8/0x128 Modules linked in: nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib \ nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct \ nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 \ ip_set rfkill nf_tables nfnetlink vfat fat virtio_balloon drm \ fuse xfs libcrc32c crct10dif_ce ghash_ce sha2_ce sha256_arm64 \ sha1_ce virtio_net net_failover virtio_console virtio_blk failover \ dimlib virtio_mmio CPU: 35 PID: 7484 Comm: test Kdump: loaded Tainted: G W 6.10.0-rc5-gavin+ #9 Hardware name: QEMU KVM Virtual Machine, BIOS edk2-20240524-1.el9 05/24/2024 pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : xas_split_alloc+0xf8/0x128 lr : split_huge_page_to_list_to_order+0x1c4/0x720 sp : ffff800087a4f6c0 x29: ffff800087a4f6c0 x28: ffff800087a4f720 x27: 000000001fffffff x26: 0000000000000c40 x25: 000000000000000d x24: ffff00010625b858 x23: ffff800087a4f720 x22: ffffffdfc0780000 x21: 0000000000000000 x20: 0000000000000000 x19: ffffffdfc0780000 x18: 000000001ff40000 x17: 00000000ffffffff x16: 0000018000000000 x15: 51ec004000000000 x14: 0000e00000000000 x13: 0000000000002000 x12: 0000000000000020 x11: 51ec000000000000 x10: 51ece1c0ffff8000 x9 : ffffbeb961a44d28 x8 : 0000000000000003 x7 : ffffffdfc0456420 x6 : ffff0000e1aa6eb8 x5 : 20bf08b4fe778fca x4 : ffffffdfc0456420 x3 : 0000000000000c40 x2 : 000000000000000d x1 : 000000000000000c x0 : 0000000000000000 Call trace: xas_split_alloc+0xf8/0x128 split_huge_page_to_list_to_order+0x1c4/0x720 truncate_inode_partial_folio+0xdc/0x160 truncate_inode_pages_range+0x1b4/0x4a8 truncate_pagecache_range+0x84/0xa0 xfs_flush_unmap_range+0x70/0x90 [xfs] xfs_file_fallocate+0xfc/0x4d8 [xfs] vfs_fallocate+0x124/0x2e8 ksys_fallocate+0x4c/0xa0 __arm64_sys_fallocate+0x24/0x38 invoke_syscall.constprop.0+0x7c/0xd8 do_el0_svc+0xb4/0xd0 el0_svc+0x44/0x1d8 el0t_64_sync_handler+0x134/0x150 el0t_64_sync+0x17c/0x180 Fix it by skipping to allocate PMD-sized page cache when its size is larger than MAX_PAGECACHE_ORDER. For this specific case, we will fall to regular path where the readahead window is determined by BDI's sysfs file (read_ahead_kb).
Impacted products
Vendor Product Version
Linux Linux Version: 5.18
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:39:56.076Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/06b5a69c27ec405a3c3f2da8520ff1ee70b94a21"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1ef650d3b1b2a16473981b447f38705fe9b93972"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3390916aca7af1893ed2ebcdfee1d6fdb65bb058"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41031",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:23:47.337033Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:03.906Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "mm/filemap.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "06b5a69c27ec405a3c3f2da8520ff1ee70b94a21",
              "status": "affected",
              "version": "4687fdbb805a92ce5a9f23042c436dc64fef8b77",
              "versionType": "git"
            },
            {
              "lessThan": "1ef650d3b1b2a16473981b447f38705fe9b93972",
              "status": "affected",
              "version": "4687fdbb805a92ce5a9f23042c436dc64fef8b77",
              "versionType": "git"
            },
            {
              "lessThan": "3390916aca7af1893ed2ebcdfee1d6fdb65bb058",
              "status": "affected",
              "version": "4687fdbb805a92ce5a9f23042c436dc64fef8b77",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "mm/filemap.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.18"
            },
            {
              "lessThan": "5.18",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.41",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/filemap: skip to create PMD-sized page cache if needed\n\nOn ARM64, HPAGE_PMD_ORDER is 13 when the base page size is 64KB.  The\nPMD-sized page cache can\u0027t be supported by xarray as the following error\nmessages indicate.\n\n------------[ cut here ]------------\nWARNING: CPU: 35 PID: 7484 at lib/xarray.c:1025 xas_split_alloc+0xf8/0x128\nModules linked in: nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib  \\\nnft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct    \\\nnft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4    \\\nip_set rfkill nf_tables nfnetlink vfat fat virtio_balloon drm      \\\nfuse xfs libcrc32c crct10dif_ce ghash_ce sha2_ce sha256_arm64      \\\nsha1_ce virtio_net net_failover virtio_console virtio_blk failover \\\ndimlib virtio_mmio\nCPU: 35 PID: 7484 Comm: test Kdump: loaded Tainted: G W 6.10.0-rc5-gavin+ #9\nHardware name: QEMU KVM Virtual Machine, BIOS edk2-20240524-1.el9 05/24/2024\npstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)\npc : xas_split_alloc+0xf8/0x128\nlr : split_huge_page_to_list_to_order+0x1c4/0x720\nsp : ffff800087a4f6c0\nx29: ffff800087a4f6c0 x28: ffff800087a4f720 x27: 000000001fffffff\nx26: 0000000000000c40 x25: 000000000000000d x24: ffff00010625b858\nx23: ffff800087a4f720 x22: ffffffdfc0780000 x21: 0000000000000000\nx20: 0000000000000000 x19: ffffffdfc0780000 x18: 000000001ff40000\nx17: 00000000ffffffff x16: 0000018000000000 x15: 51ec004000000000\nx14: 0000e00000000000 x13: 0000000000002000 x12: 0000000000000020\nx11: 51ec000000000000 x10: 51ece1c0ffff8000 x9 : ffffbeb961a44d28\nx8 : 0000000000000003 x7 : ffffffdfc0456420 x6 : ffff0000e1aa6eb8\nx5 : 20bf08b4fe778fca x4 : ffffffdfc0456420 x3 : 0000000000000c40\nx2 : 000000000000000d x1 : 000000000000000c x0 : 0000000000000000\nCall trace:\n xas_split_alloc+0xf8/0x128\n split_huge_page_to_list_to_order+0x1c4/0x720\n truncate_inode_partial_folio+0xdc/0x160\n truncate_inode_pages_range+0x1b4/0x4a8\n truncate_pagecache_range+0x84/0xa0\n xfs_flush_unmap_range+0x70/0x90 [xfs]\n xfs_file_fallocate+0xfc/0x4d8 [xfs]\n vfs_fallocate+0x124/0x2e8\n ksys_fallocate+0x4c/0xa0\n __arm64_sys_fallocate+0x24/0x38\n invoke_syscall.constprop.0+0x7c/0xd8\n do_el0_svc+0xb4/0xd0\n el0_svc+0x44/0x1d8\n el0t_64_sync_handler+0x134/0x150\n el0t_64_sync+0x17c/0x180\n\nFix it by skipping to allocate PMD-sized page cache when its size is\nlarger than MAX_PAGECACHE_ORDER.  For this specific case, we will fall to\nregular path where the readahead window is determined by BDI\u0027s sysfs file\n(read_ahead_kb)."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:10:26.738Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/06b5a69c27ec405a3c3f2da8520ff1ee70b94a21"
        },
        {
          "url": "https://git.kernel.org/stable/c/1ef650d3b1b2a16473981b447f38705fe9b93972"
        },
        {
          "url": "https://git.kernel.org/stable/c/3390916aca7af1893ed2ebcdfee1d6fdb65bb058"
        }
      ],
      "title": "mm/filemap: skip to create PMD-sized page cache if needed",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-41031",
    "datePublished": "2024-07-29T14:31:46.943Z",
    "dateReserved": "2024-07-12T12:17:45.618Z",
    "dateUpdated": "2024-12-19T09:10:26.738Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-41031\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-07-29T15:15:11.770\",\"lastModified\":\"2024-11-21T09:32:06.137\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nmm/filemap: skip to create PMD-sized page cache if needed\\n\\nOn ARM64, HPAGE_PMD_ORDER is 13 when the base page size is 64KB.  The\\nPMD-sized page cache can\u0027t be supported by xarray as the following error\\nmessages indicate.\\n\\n------------[ cut here ]------------\\nWARNING: CPU: 35 PID: 7484 at lib/xarray.c:1025 xas_split_alloc+0xf8/0x128\\nModules linked in: nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib  \\\\\\nnft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct    \\\\\\nnft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4    \\\\\\nip_set rfkill nf_tables nfnetlink vfat fat virtio_balloon drm      \\\\\\nfuse xfs libcrc32c crct10dif_ce ghash_ce sha2_ce sha256_arm64      \\\\\\nsha1_ce virtio_net net_failover virtio_console virtio_blk failover \\\\\\ndimlib virtio_mmio\\nCPU: 35 PID: 7484 Comm: test Kdump: loaded Tainted: G W 6.10.0-rc5-gavin+ #9\\nHardware name: QEMU KVM Virtual Machine, BIOS edk2-20240524-1.el9 05/24/2024\\npstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)\\npc : xas_split_alloc+0xf8/0x128\\nlr : split_huge_page_to_list_to_order+0x1c4/0x720\\nsp : ffff800087a4f6c0\\nx29: ffff800087a4f6c0 x28: ffff800087a4f720 x27: 000000001fffffff\\nx26: 0000000000000c40 x25: 000000000000000d x24: ffff00010625b858\\nx23: ffff800087a4f720 x22: ffffffdfc0780000 x21: 0000000000000000\\nx20: 0000000000000000 x19: ffffffdfc0780000 x18: 000000001ff40000\\nx17: 00000000ffffffff x16: 0000018000000000 x15: 51ec004000000000\\nx14: 0000e00000000000 x13: 0000000000002000 x12: 0000000000000020\\nx11: 51ec000000000000 x10: 51ece1c0ffff8000 x9 : ffffbeb961a44d28\\nx8 : 0000000000000003 x7 : ffffffdfc0456420 x6 : ffff0000e1aa6eb8\\nx5 : 20bf08b4fe778fca x4 : ffffffdfc0456420 x3 : 0000000000000c40\\nx2 : 000000000000000d x1 : 000000000000000c x0 : 0000000000000000\\nCall trace:\\n xas_split_alloc+0xf8/0x128\\n split_huge_page_to_list_to_order+0x1c4/0x720\\n truncate_inode_partial_folio+0xdc/0x160\\n truncate_inode_pages_range+0x1b4/0x4a8\\n truncate_pagecache_range+0x84/0xa0\\n xfs_flush_unmap_range+0x70/0x90 [xfs]\\n xfs_file_fallocate+0xfc/0x4d8 [xfs]\\n vfs_fallocate+0x124/0x2e8\\n ksys_fallocate+0x4c/0xa0\\n __arm64_sys_fallocate+0x24/0x38\\n invoke_syscall.constprop.0+0x7c/0xd8\\n do_el0_svc+0xb4/0xd0\\n el0_svc+0x44/0x1d8\\n el0t_64_sync_handler+0x134/0x150\\n el0t_64_sync+0x17c/0x180\\n\\nFix it by skipping to allocate PMD-sized page cache when its size is\\nlarger than MAX_PAGECACHE_ORDER.  For this specific case, we will fall to\\nregular path where the readahead window is determined by BDI\u0027s sysfs file\\n(read_ahead_kb).\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: mm/filemap: omita para crear un cach\u00e9 de p\u00e1gina del tama\u00f1o de PMD si es necesario. En ARM64, HPAGE_PMD_ORDER es 13 cuando el tama\u00f1o de p\u00e1gina base es 64 KB. Xarray no puede admitir la cach\u00e9 de p\u00e1ginas de tama\u00f1o PMD, como lo indican los siguientes mensajes de error. ------------[ cortar aqu\u00ed ]------------ ADVERTENCIA: CPU: 35 PID: 7484 en lib/xarray.c:1025 xas_split_alloc+0xf8/0x128 M\u00f3dulos vinculado en: nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib \\\\ nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct \\\\ nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 \\\\ ip_set rfkill nf_tables nfnetlink vfat fat virtio_balloon drm \\\\ fuse xfs libcrc32c crct10dif_ce ghash_ce sha2_ce sha256_arm64 \\\\ sha1_ce virtio_net net_failover virtio_console virtio_blk failover \\\\ dimlib virtio_mmio CPU: 35 PID : 7484 Comm: prueba Kdump: cargado Contaminado: GW 6.10.0-rc5-gavin+ #9 Nombre del hardware: QEMU KVM Virtual Machine, BIOS edk2-20240524-1.el9 24/05/2024 pstate: 83400005 (Nzcv daif +PAN - UAO +TCO +DIT -SSBS BTYPE=--) pc: xas_split_alloc+0xf8/0x128 lr: split_huge_page_to_list_to_order+0x1c4/0x720 sp: ffff800087a4f6c0 x29: ffff800087a4f6c0 x28: 0 x27: 000000001fffffff x26: 0000000000000c40 x25: 000000000000000d x24: ffff00010625b858 x23: ffff800087a4f720 x22: ffffffdfc0780000 x21: 0000000000000000 x20: 0000000000000000 x19: ffffffdfc0780000 x18: 000000001ff40000 x17: 00000000ffffffff x16: 0018000000000 x15: 51ec004000000000 x14: 0000e00000000000 x13: 0000000000002000 x12: 0000000000000020 x11: 51ec000000000000 x10: 1c0ffff8000 x9: ffffbeb961a44d28 x8: 0000000000000003 x7: ffffffdfc0456420 x6: ffff0000e1aa6eb8 x5: 20bf08b4fe778fca x4: ffffffdfc0456420 x3: 0000000000000c40 x2: 000000000000000d x1: 000000000000000c x0: 0000000000 000000 Rastreo de llamadas: xas_split_alloc+0xf8/0x128 split_huge_page_to_list_to_order+0x1c4/0x720 truncate_inode_partial_folio+0xdc/0x160 truncate_inode_pages_range+0x1b4/0x4a8 truncate_pagecache_range+0x84/0xa0 xfs _flush_unmap_range+0x70 /0x90 [xfs] xfs_file_fallocate+0xfc/0x4d8 [xfs] vfs_fallocate+0x124/0x2e8 ksys_fallocate+0x4c/0xa0 __arm64_sys_fallocate+0x24/0x38 invoke_syscall.constprop.0+0x7c/0xd8 do_el0_ svc+0xb4/0xd0 el0_svc+0x44/0x1d8 el0t_64_sync_handler+0x134 /0x150 el0t_64_sync+0x17c/0x180 Corr\u00edjalo omitiendo la asignaci\u00f3n de cach\u00e9 de p\u00e1gina de tama\u00f1o PMD cuando su tama\u00f1o sea mayor que MAX_PAGECACHE_ORDER. Para este caso espec\u00edfico, recurriremos a la ruta normal donde la ventana de lectura anticipada est\u00e1 determinada por el archivo sysfs de BDI (read_ahead_kb).\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/06b5a69c27ec405a3c3f2da8520ff1ee70b94a21\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/1ef650d3b1b2a16473981b447f38705fe9b93972\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/3390916aca7af1893ed2ebcdfee1d6fdb65bb058\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/06b5a69c27ec405a3c3f2da8520ff1ee70b94a21\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/1ef650d3b1b2a16473981b447f38705fe9b93972\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/3390916aca7af1893ed2ebcdfee1d6fdb65bb058\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.