mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 17:21:36 +00:00
37 lines
4.3 KiB
JSON
{
"id": "CVE-2024-40950",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-12T13:15:17.353",
"lastModified": "2024-11-21T09:31:55.947",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: huge_memory: fix misused mapping_large_folio_support() for anon folios\n\nWhen I did a large folios split test, a WARNING \"[ 5059.122759][ T166]\nCannot split file folio to non-0 order\" was triggered. But the test cases\nare only for anonmous folios. while mapping_large_folio_support() is only\nreasonable for page cache folios.\n\nIn split_huge_page_to_list_to_order(), the folio passed to\nmapping_large_folio_support() maybe anonmous folio. The folio_test_anon()\ncheck is missing. So the split of the anonmous THP is failed. This is\nalso the same for shmem_mapping(). We'd better add a check for both. But\nthe shmem_mapping() in __split_huge_page() is not involved, as for\nanonmous folios, the end parameter is set to -1, so (head[i].index >= end)\nis always false. shmem_mapping() is not called.\n\nAlso add a VM_WARN_ON_ONCE() in mapping_large_folio_support() for anon\nmapping, So we can detect the wrong use more easily.\n\nTHP folios maybe exist in the pagecache even the file system doesn't\nsupport large folio, it is because when CONFIG_TRANSPARENT_HUGEPAGE is\nenabled, khugepaged will try to collapse read-only file-backed pages to\nTHP. But the mapping does not actually support multi order large folios\nproperly.\n\nUsing /sys/kernel/debug/split_huge_pages to verify this, with this patch,\nlarge anon THP is successfully split and the warning is ceased."
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: mm: enorme_memoria: corrige el mapeo_grande_folio_support() mal utilizado para publicaciones an\u00f3nimas Cuando hice una prueba de divisi\u00f3n de publicaciones grandes, apareci\u00f3 una ADVERTENCIA \"[ 5059.122759][ T166] No se puede dividir la publicaci\u00f3n del archivo en un valor distinto de 0 \"orden\" se activ\u00f3. Pero los casos de prueba son s\u00f3lo para folios an\u00f3nimos. mientras que mapping_large_folio_support() solo es razonable para las publicaciones de cach\u00e9 de p\u00e1ginas. En split_huge_page_to_list_to_order(), la publicaci\u00f3n pas\u00f3 a mapping_large_folio_support(), tal vez una publicaci\u00f3n an\u00f3nima. Falta la verificaci\u00f3n folio_test_anon(). As\u00ed que la divisi\u00f3n del THP an\u00f3nimo fracas\u00f3. Esto tambi\u00e9n es lo mismo para shmem_mapping(). Ser\u00e1 mejor que agreguemos un cheque para ambos. Pero shmem_mapping() en __split_huge_page() no est\u00e1 involucrado, ya que para las publicaciones an\u00f3nimas, el par\u00e1metro final se establece en -1, por lo que (head[i].index >= end) siempre es falso. shmem_mapping() no se llama. Tambi\u00e9n agregue un VM_WARN_ON_ONCE() en mapping_large_folio_support() para un mapeo an\u00f3nimo, para que podamos detectar el uso incorrecto m\u00e1s f\u00e1cilmente. Es posible que existan publicaciones de THP en el cach\u00e9 de p\u00e1ginas, incluso si el sistema de archivos no admite publicaciones grandes, esto se debe a que cuando CONFIG_TRANSPARENT_HUGEPAGE est\u00e1 habilitado, khugepaged intentar\u00e1 colapsar las p\u00e1ginas respaldadas por archivos de solo lectura en THP. Pero el mapeo en realidad no admite correctamente folios grandes de varios pedidos. Usando /sys/kernel/debug/split_huge_pages para verificar esto, con este parche, un THP an\u00f3nimo grande se divide con \u00e9xito y la advertencia cesa."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/5df493a99fcf887133cf01d23cd4bebb6d385d3c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6a50c9b512f7734bc356f4bd47885a6f7c98491a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5df493a99fcf887133cf01d23cd4bebb6d385d3c",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://git.kernel.org/stable/c/6a50c9b512f7734bc356f4bd47885a6f7c98491a",
"source": "af854a3a-2127-422b-91ae-364da2661108"
}
]
}