SB2024082881 - Resource management error in Linux kernel mm

Description

This security bulletin contains information about 1 security vulnerability.

1) Resource management error (CVE-ID: CVE-2024-44943)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the hugetlb_follow_page_mask() function in mm/hugetlb.c, within the follow_devmap_pmd(), follow_devmap_pud() and follow_trans_huge_pmd() functions in mm/huge_memory.c, within the try_grab_folio(), gup_put_folio(), follow_page_pte(), get_gate_page(), undo_dev_pagemap(), gup_pte_range(), __gup_device_huge(), gup_hugepte(), gup_huge_pmd(), gup_huge_pud() and gup_huge_pgd() functions in mm/gup.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/26273f5f4cf68b29414e403837093408a9c98e1f
• https://git.kernel.org/stable/c/f442fa6141379a20b48ae3efabee827a3d260787
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.47