FKIE_CVE-2024-36000

Vulnerability from fkie_nvd - Published: 2024-05-20 10:15 - Updated: 2026-06-17 07:35
Severity
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix missing hugetlb_lock for resv uncharge There is a recent report on UFFDIO_COPY over hugetlb: https://lore.kernel.org/all/000000000000ee06de0616177560@google.com/ 350: lockdep_assert_held(&hugetlb_lock); Should be an issue in hugetlb but triggered in an userfault context, where it goes into the unlikely path where two threads modifying the resv map together. Mike has a fix in that path for resv uncharge but it looks like the locking criteria was overlooked: hugetlb_cgroup_uncharge_folio_rsvd() will update the cgroup pointer, so it requires to be called with the lock held.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/4c806333efea1000a2a9620926f560ad2e1ca7ccPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/538faabf31e9c53d8c870d114846fda958a0de10Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/b76b46902c2d0395488c8412e1116c2486cdfcb2Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/f6c5d21db16a0910152ec8aa9d5a7aed72694505Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/4c806333efea1000a2a9620926f560ad2e1ca7ccPatch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/538faabf31e9c53d8c870d114846fda958a0de10Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/b76b46902c2d0395488c8412e1116c2486cdfcb2Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/f6c5d21db16a0910152ec8aa9d5a7aed72694505Patch
Impacted products
Vendor Product Version
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel 5.10
linux linux_kernel 5.10
linux linux_kernel 5.10
linux linux_kernel 5.10
linux linux_kernel 5.10
linux linux_kernel 5.10
linux linux_kernel 6.9
linux linux_kernel 6.9
linux linux_kernel 6.9
linux linux_kernel 6.9
linux linux_kernel 6.9
To clipboard 

{
  "affected": [
    {
      "affectedData": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "mm/hugetlb.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "4c806333efea1000a2a9620926f560ad2e1ca7cc",
              "status": "affected",
              "version": "79aa925bf239c234be8586780e482872dc4690dd",
              "versionType": "git"
            },
            {
              "lessThan": "f6c5d21db16a0910152ec8aa9d5a7aed72694505",
              "status": "affected",
              "version": "79aa925bf239c234be8586780e482872dc4690dd",
              "versionType": "git"
            },
            {
              "lessThan": "538faabf31e9c53d8c870d114846fda958a0de10",
              "status": "affected",
              "version": "79aa925bf239c234be8586780e482872dc4690dd",
              "versionType": "git"
            },
            {
              "lessThan": "b76b46902c2d0395488c8412e1116c2486cdfcb2",
              "status": "affected",
              "version": "79aa925bf239c234be8586780e482872dc4690dd",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "f87004c0b2bdf0f1066b88795d8e6c1dfad6cea0",
              "versionType": "git"
            },
            {
              "lessThan": "5.10",
              "status": "affected",
              "version": "5.9.7",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "mm/hugetlb.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.10"
            },
            {
              "lessThan": "5.10",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.91",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.30",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "41953BA2-2A4C-4534-B159-A460A8F0E834",
              "versionEndExcluding": "5.10",
              "versionStartIncluding": "5.9.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "80A7DAB0-E431-4AE7-A038-798F635DC3DD",
              "versionEndExcluding": "6.1.91",
              "versionStartIncluding": "5.10.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "84046DAF-73CF-429D-9BA4-05B658B377B5",
              "versionEndExcluding": "6.6.30",
              "versionStartIncluding": "6.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F9041E5-8358-4EF7-8F98-B812EDE49612",
              "versionEndExcluding": "6.8.9",
              "versionStartIncluding": "6.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:5.10:-:*:*:*:*:*:*",
              "matchCriteriaId": "B29EBB93-107F-4ED6-8DE3-C2732BC659C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:5.10:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "8F48621E-C427-4C23-9EA6-894419841360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:5.10:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "0CD159FA-170F-4389-9085-CACCF97ABB1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:5.10:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "F0390D83-6C17-4557-BE8D-B659E04F565A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:5.10:rc6:*:*:*:*:*:*",
              "matchCriteriaId": "4120E4B3-B66D-4ACE-8570-1DD4DF20A324",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:5.10:rc7:*:*:*:*:*:*",
              "matchCriteriaId": "73D60343-647D-4B5D-AA6D-CE87C462E368",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "22BEDD49-2C6D-402D-9DBF-6646F6ECD10B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "DF73CB2A-DFFD-46FB-9BFE-AA394F27EA37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "52048DDA-FC5A-4363-95A0-A6357B4D7F8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "A06B2CCF-3F43-4FA9-8773-C83C3F5764B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "F850DCEC-E08B-4317-A33B-D2DCF39F601B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/hugetlb: fix missing hugetlb_lock for resv uncharge\n\nThere is a recent report on UFFDIO_COPY over hugetlb:\n\nhttps://lore.kernel.org/all/000000000000ee06de0616177560@google.com/\n\n350:\tlockdep_assert_held(\u0026hugetlb_lock);\n\nShould be an issue in hugetlb but triggered in an userfault context, where\nit goes into the unlikely path where two threads modifying the resv map\ntogether.  Mike has a fix in that path for resv uncharge but it looks like\nthe locking criteria was overlooked: hugetlb_cgroup_uncharge_folio_rsvd()\nwill update the cgroup pointer, so it requires to be called with the lock\nheld."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mm/hugetlb: corrige la falta de Hugetlb_lock para descarga de resv. Hay un informe reciente sobre UFFDIO_COPY sobre Hugetlb: https://lore.kernel.org/all/000000000000ee06de0616177560@google.com/ 350: lockdep_assert_held(\u0026amp;hugetlb_lock); Deber\u00eda ser un problema en hugetlb pero se activa en un contexto de error de usuario, donde entra en la ruta poco probable en la que dos subprocesos modifican el mapa resv juntos. Mike tiene una soluci\u00f3n en esa ruta para la descarga de resv, pero parece que se pas\u00f3 por alto el criterio de bloqueo: hugetlb_cgroup_uncharge_folio_rsvd() actualizar\u00e1 el puntero de cgroup, por lo que es necesario llamarlo con el bloqueo retenido."
    }
  ],
  "id": "CVE-2024-36000",
  "lastModified": "2026-06-17T07:35:55.160",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "ssvcV203": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "ssvcData": {
          "id": "CVE-2024-36000",
          "options": [
            {
              "exploitation": "none"
            },
            {
              "automatable": "no"
            },
            {
              "technicalImpact": "partial"
            }
          ],
          "role": "CISA Coordinator",
          "timestamp": "2024-05-20T14:22:13.871546Z",
          "version": "2.0.3"
        }
      }
    ]
  },
  "published": "2024-05-20T10:15:14.163",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/4c806333efea1000a2a9620926f560ad2e1ca7cc"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/538faabf31e9c53d8c870d114846fda958a0de10"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/b76b46902c2d0395488c8412e1116c2486cdfcb2"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/f6c5d21db16a0910152ec8aa9d5a7aed72694505"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/4c806333efea1000a2a9620926f560ad2e1ca7cc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/538faabf31e9c53d8c870d114846fda958a0de10"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/b76b46902c2d0395488c8412e1116c2486cdfcb2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/f6c5d21db16a0910152ec8aa9d5a7aed72694505"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-617"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.