Description

In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb.c: fix UAF of vma in hugetlb fault pathway Syzbot reports a UAF in hugetlb_fault(). This happens because vmf_anon_prepare() could drop the per-VMA lock and allow the current VMA to be freed before hugetlb_vma_unlock_read() is called. We can fix this by using a modified version of vmf_anon_prepare() that doesn't release the VMA lock on failure, and then release it ourselves after hugetlb_vma_unlock_read().

INFO

Published Date :

2024-10-21T11:53:20.482Z

Last Modified :

2025-05-04T09:37:01.233Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2024-47676 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-47676.

URL Resource
https://git.kernel.org/stable/c/98b74bb4d7e96b4da5ef3126511febe55b76b807 cve-icon cve-icon
https://git.kernel.org/stable/c/d59ebc99dee0a2687a26df94b901eb8216dbf876 cve-icon cve-icon
https://git.kernel.org/stable/c/e897d184a8dd4a4e1f39c8c495598e4d9472776c cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2024102105-CVE-2024-47676-016b@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-47676 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-47676 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact