CVE-2024-57945
Description
In the Linux kernel, the following vulnerability has been resolved:
riscv: mm: Fix the out of bound issue of vmemmap address
In sparse vmemmap model, the virtual address of vmemmap is calculated as: ((struct page *)VMEMMAP_START - (phys_ram_base >> PAGE_SHIFT)). And the struct page's va can be calculated with an offset: (vmemmap + (pfn)).
However, when initializing struct pages, kernel actually starts from the first page from the same section that phys_ram_base belongs to. If the first page's physical address is not (phys_ram_base >> PAGE_SHIFT), then we get an va below VMEMMAP_START when calculating va for it's struct page.
For example, if phys_ram_base starts from 0x82000000 with pfn 0x82000, the first page in the same section is actually pfn 0x80000. During init_unavailable_range(), we will initialize struct page for pfn 0x80000 with virtual address ((struct page *)VMEMMAP_START - 0x2000), which is below VMEMMAP_START as well as PCI_IO_END.
This commit fixes this bug by introducing a new variable 'vmemmap_start_pfn' which is aligned with memory section size and using it to calculate vmemmap address instead of phys_ram_base.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
14cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 10 more
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >=5.10.212,<5.11
- cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.13:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.13:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.13:rc5:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.13:rc6:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.8:-:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.8:rc7:*:*:*:*:*:*
- (no CPE)
- (no CPE)range: 6.8
- osv-coords3 versionspkg:deb/ubuntu/linux-lowlatency@6.11.0-1011.12?arch=source&distro=oracularpkg:deb/ubuntu/linux-raspi@6.11.0-1010.10?arch=source&distro=oracularpkg:linux/kernel
< 6.11.0-1011.12+ 2 more
- (no CPE)range: < 6.11.0-1011.12
- (no CPE)range: < 6.11.0-1010.10
- (no CPE)range: < 5.10.258
Patches
Vulnerability mechanics
References
6- git.kernel.org/stable/c/92f08673d3f1893191323572f60e3c62f2e57c2fnvdPatch
- git.kernel.org/stable/c/a4a7ac3d266008018f05fae53060fcb331151a14nvdPatch
- git.kernel.org/stable/c/d2bd51954ac8377c2f1eb1813e694788998add66nvdPatch
- git.kernel.org/stable/c/f754f27e98f88428aaf6be6e00f5cbce97f62d4bnvdPatch
- git.kernel.org/stable/c/04350304428063da6a55a8a4597d409dc69148b2nvd
- lists.debian.org/debian-lts-announce/2025/08/msg00010.htmlnvd
News mentions
0No linked articles in our index yet.