#VU96598 Resource management error in Linux kernel - CVE-2024-44943
Published: August 28, 2024 / Updated: May 12, 2025
Vulnerability identifier: #VU96598
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-44943
CWE-ID: CWE-399
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the hugetlb_follow_page_mask() function in mm/hugetlb.c, within the follow_devmap_pmd(), follow_devmap_pud() and follow_trans_huge_pmd() functions in mm/huge_memory.c, within the try_grab_folio(), gup_put_folio(), follow_page_pte(), get_gate_page(), undo_dev_pagemap(), gup_pte_range(), __gup_device_huge(), gup_hugepte(), gup_huge_pmd(), gup_huge_pud() and gup_huge_pgd() functions in mm/gup.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.