CVE-2024-41021

MEDIUM

Linux Kernel 6.6-6.6.43, 6.7-6.9.11, 6.10-6.10.1 - Use-After-Free in s390 Memory Management

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: s390/mm: Fix VM_FAULT_HWPOISON handling in do_exception() There is no support for HWPOISON, MEMORY_FAILURE, or ARCH_HAS_COPY_MC on s390. Therefore we do not expect to see VM_FAULT_HWPOISON in do_exception(). However, since commit af19487f00f3 ("mm: make PTE_MARKER_SWAPIN_ERROR more general"), it is possible to see VM_FAULT_HWPOISON in combination with PTE_MARKER_POISONED, even on architectures that do not support HWPOISON otherwise. In this case, we will end up on the BUG() in do_exception(). Fix this by treating VM_FAULT_HWPOISON the same as VM_FAULT_SIGBUS, similar to x86 when MEMORY_FAILURE is not configured. Also print unexpected fault flags, for easier debugging. Note that VM_FAULT_HWPOISON_LARGE is not expected, because s390 cannot support swap entries on other levels than PTE level.

References (4)

Core 4

Scores

CVSS v3 5.5
EPSS 0.0022
EPSS Percentile 12.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-401
Status published
Products (14)
linux/Kernel 6.10.0 - 6.10.2linux
linux/Kernel 6.6.0 - 6.6.44linux
linux/Kernel 6.7.0 - 6.9.12linux
Linux/Linux < 6.6
Linux/Linux 6.10.2 - 6.10.*
Linux/Linux 6.11
Linux/Linux 6.6
Linux/Linux 6.6.44 - 6.6.*
Linux/Linux 6.9.12 - 6.9.*
Linux/Linux af19487f00f34ff8643921d7909dbb3fedc7e329 - 73a9260b7366d2906ec011e100319359fe2277d0
... and 4 more
Published Jul 29, 2024
Tracked Since Feb 18, 2026