CVE-2024-47676

HIGH

Linux Kernel 6.9-6.10.12, 6.11.0-6.11.1, 6.12 - Use-After-Free in hugetlb Fault Pathway

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb.c: fix UAF of vma in hugetlb fault pathway Syzbot reports a UAF in hugetlb_fault(). This happens because vmf_anon_prepare() could drop the per-VMA lock and allow the current VMA to be freed before hugetlb_vma_unlock_read() is called. We can fix this by using a modified version of vmf_anon_prepare() that doesn't release the VMA lock on failure, and then release it ourselves after hugetlb_vma_unlock_read().

References (3)

Core 3

Core References

Patch

https://git.kernel.org/stable/c/e897d184a8dd4a4e1f39c8c495598e4d9472776c

Patch

https://git.kernel.org/stable/c/d59ebc99dee0a2687a26df94b901eb8216dbf876

Patch

https://git.kernel.org/stable/c/98b74bb4d7e96b4da5ef3126511febe55b76b807

Scores

CVSS v3 7.8

EPSS 0.0024

EPSS Percentile 15.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-416

Status published

Products (11)

linux/Kernel 6.11.0 - 6.11.2linux

linux/Kernel 6.9.0 - 6.10.13linux

Linux/Linux < 6.9

Linux/Linux 6.10.13 - 6.10.*

Linux/Linux 6.11.2 - 6.11.*

Linux/Linux 6.12

Linux/Linux 6.9

Linux/Linux 9acad7ba3e25d11f4c96df1b7312ae89e6faca5c - 98b74bb4d7e96b4da5ef3126511febe55b76b807

Linux/Linux 9acad7ba3e25d11f4c96df1b7312ae89e6faca5c - d59ebc99dee0a2687a26df94b901eb8216dbf876

Linux/Linux 9acad7ba3e25d11f4c96df1b7312ae89e6faca5c - e897d184a8dd4a4e1f39c8c495598e4d9472776c

... and 1 more

Published Oct 21, 2024

Tracked Since Feb 18, 2026