Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-26783— mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone index

EPSS 0.01% · P2
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-26783

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone index
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone index With numa balancing on, when a numa system is running where a numa node doesn't have its local memory so it has no managed zones, the following oops has been observed. It's because wakeup_kswapd() is called with a wrong zone index, -1. Fixed it by checking the index before calling wakeup_kswapd(). > BUG: unable to handle page fault for address: 00000000000033f3 > #PF: supervisor read access in kernel mode > #PF: error_code(0x0000) - not-present page > PGD 0 P4D 0 > Oops: 0000 [#1] PREEMPT SMP NOPTI > CPU: 2 PID: 895 Comm: masim Not tainted 6.6.0-dirty #255 > Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS > rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014 > RIP: 0010:wakeup_kswapd (./linux/mm/vmscan.c:7812) > Code: (omitted) > RSP: 0000:ffffc90004257d58 EFLAGS: 00010286 > RAX: ffffffffffffffff RBX: ffff88883fff0480 RCX: 0000000000000003 > RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88883fff0480 > RBP: ffffffffffffffff R08: ff0003ffffffffff R09: ffffffffffffffff > R10: ffff888106c95540 R11: 0000000055555554 R12: 0000000000000003 > R13: 0000000000000000 R14: 0000000000000000 R15: ffff88883fff0940 > FS: 00007fc4b8124740(0000) GS:ffff888827c00000(0000) knlGS:0000000000000000 > CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > CR2: 00000000000033f3 CR3: 000000026cc08004 CR4: 0000000000770ee0 > DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 > DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 > PKRU: 55555554 > Call Trace: > <TASK> > ? __die > ? page_fault_oops > ? __pte_offset_map_lock > ? exc_page_fault > ? asm_exc_page_fault > ? wakeup_kswapd > migrate_misplaced_page > __handle_mm_fault > handle_mm_fault > do_user_addr_fault > exc_page_fault > asm_exc_page_fault > RIP: 0033:0x55b897ba0808 > Code: (omitted) > RSP: 002b:00007ffeefa821a0 EFLAGS: 00010287 > RAX: 000055b89983acd0 RBX: 00007ffeefa823f8 RCX: 000055b89983acd0 > RDX: 00007fc2f8122010 RSI: 0000000000020000 RDI: 000055b89983acd0 > RBP: 00007ffeefa821a0 R08: 0000000000000037 R09: 0000000000000075 > R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 > R13: 00007ffeefa82410 R14: 000055b897ba5dd8 R15: 00007fc4b8340000 > </TASK>
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于调用错误区域索引。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
LinuxLinux c574bbe917036c8968b984c82c7b13194fe5ce98 ~ e5ec1c24e71dbf144677a975d6ba91043c2193db -
LinuxLinux 5.18 -

II. Public POCs for CVE-2024-26783

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2024-26783

登录查看更多情报信息。

Same Patch Batch · Linux · 2024-04-04 · 32 CVEs total

CVE-2024-26793gtp: fix use-after-free and null-ptr-deref in gtp_newlink()
CVE-2024-26809netfilter: nft_set_pipapo: release elements in clone only from destroy path
CVE-2024-26808netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain
CVE-2024-26807spi: cadence-qspi: fix pointer reference in runtime PM hooks
CVE-2024-26806spi: cadence-qspi: remove system-wide suspend helper calls from runtime PM hooks
CVE-2024-26805netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter
CVE-2024-26804net: ip_tunnel: prevent perpetual headroom growth
CVE-2024-26803net: veth: clear GRO when clearing XDP even when down
CVE-2024-26802stmmac: Clear variable when destroying workqueue
CVE-2024-26800tls: fix use-after-free on failed backlog decryption
CVE-2024-26801Bluetooth: Avoid potential use-after-free in hci_error_reset
CVE-2024-26799ASoC: qcom: Fix uninitialized pointer dmactl
CVE-2024-26798fbcon: always restore the old font data in fbcon_do_set_font()
CVE-2024-26797drm/amd/display: Prevent potential buffer overflow in map_hw_resources
CVE-2024-26796drivers: perf: ctr_get_width function for legacy is not defined
CVE-2024-26795riscv: Sparse-Memory/vmemmap out-of-bounds fix
CVE-2024-26745powerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV
CVE-2024-26792btrfs: fix double free of anonymous device after snapshot creation failure
CVE-2024-26791btrfs: dev-replace: properly validate device names
CVE-2024-26790dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read

Showing top 20 of 32 CVEs. View all on vendor page &rarr; →

IV. Related Vulnerabilities

Same product: Linux
Same vendor: Linux

V. Comments for CVE-2024-26783

No comments yet

Leave a comment