Description

In the Linux kernel, the following vulnerability has been resolved: io_uring: Fix release of pinned pages when __io_uaddr_map fails Looking at the error path of __io_uaddr_map, if we fail after pinning the pages for any reasons, ret will be set to -EINVAL and the error handler won't properly release the pinned pages. I didn't manage to trigger it without forcing a failure, but it can happen in real life when memory is heavily fragmented.

INFO

Published Date :

2024-05-17T13:41:23.171Z

Last Modified :

2025-05-04T12:55:53.115Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2024-35831 vulnerability.

Vendors Products
Linux
  • Linux Kernel
Redhat
  • Enterprise Linux
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-35831.

URL Resource
https://git.kernel.org/stable/c/0b6f39c175ba5f0ef72bdb3b9d2a06ad78621d62 cve-icon cve-icon cve-icon
https://git.kernel.org/stable/c/4d376d7ad62b6a8e8dfff56b559d9d275e5b9b3a cve-icon cve-icon cve-icon
https://git.kernel.org/stable/c/67d1189d1095d471ed7fa426c7e384a7140a5dd7 cve-icon cve-icon cve-icon
https://git.kernel.org/stable/c/712e2c8415f55a4a4ddaa98a430b87f624109f69 cve-icon cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2024051742-CVE-2024-35831-abcc@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-35831 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-35831 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact