{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-26947","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-02-19T14:20:24.197Z","datePublished":"2024-05-01T05:18:17.316Z","dateUpdated":"2025-05-04T12:55:15.719Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T12:55:15.719Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses\n\nSince commit a4d5613c4dc6 (\"arm: extend pfn_valid to take into account\nfreed memory map alignment\") changes the semantics of pfn_valid() to check\npresence of the memory map for a PFN. A valid page for an address which\nis reserved but not mapped by the kernel[1], the system crashed during\nsome uio test with the following memory layout:\n\n node   0: [mem 0x00000000c0a00000-0x00000000cc8fffff]\n node   0: [mem 0x00000000d0000000-0x00000000da1fffff]\n the uio layout is：0xc0900000, 0x100000\n\nthe crash backtrace like:\n\n  Unable to handle kernel paging request at virtual address bff00000\n  [...]\n  CPU: 1 PID: 465 Comm: startapp.bin Tainted: G           O      5.10.0 #1\n  Hardware name: Generic DT based system\n  PC is at b15_flush_kern_dcache_area+0x24/0x3c\n  LR is at __sync_icache_dcache+0x6c/0x98\n  [...]\n   (b15_flush_kern_dcache_area) from (__sync_icache_dcache+0x6c/0x98)\n   (__sync_icache_dcache) from (set_pte_at+0x28/0x54)\n   (set_pte_at) from (remap_pfn_range+0x1a0/0x274)\n   (remap_pfn_range) from (uio_mmap+0x184/0x1b8 [uio])\n   (uio_mmap [uio]) from (__mmap_region+0x264/0x5f4)\n   (__mmap_region) from (__do_mmap_mm+0x3ec/0x440)\n   (__do_mmap_mm) from (do_mmap+0x50/0x58)\n   (do_mmap) from (vm_mmap_pgoff+0xfc/0x188)\n   (vm_mmap_pgoff) from (ksys_mmap_pgoff+0xac/0xc4)\n   (ksys_mmap_pgoff) from (ret_fast_syscall+0x0/0x5c)\n  Code: e0801001 e2423001 e1c00003 f57ff04f (ee070f3e)\n  ---[ end trace 09cf0734c3805d52 ]---\n  Kernel panic - not syncing: Fatal exception\n\nSo check if PG_reserved was set to solve this issue.\n\n[1]: https://lore.kernel.org/lkml/Zbtdue57RO0QScJM@linux.ibm.com/"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["arch/arm/mm/flush.c"],"versions":[{"version":"a4d5613c4dc6d413e0733e37db9d116a2a36b9f3","lessThan":"0c027c2bad7f5111c51a358b5d392e1a695dabff","status":"affected","versionType":"git"},{"version":"a4d5613c4dc6d413e0733e37db9d116a2a36b9f3","lessThan":"9f7ddc222cae8254e93d5c169a8ae11a49d912a7","status":"affected","versionType":"git"},{"version":"a4d5613c4dc6d413e0733e37db9d116a2a36b9f3","lessThan":"fb3a122a978626b33de3367ee1762da934c0f512","status":"affected","versionType":"git"},{"version":"a4d5613c4dc6d413e0733e37db9d116a2a36b9f3","lessThan":"0c66c6f4e21cb22220cbd8821c5c73fc157d20dc","status":"affected","versionType":"git"},{"version":"6026d4032dbbe3d7f4ac2c8daa923fe74dcf41c4","status":"affected","versionType":"git"},{"version":"65c578935bcc26ddc04e6757b2c7be95bf235b31","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["arch/arm/mm/flush.c"],"versions":[{"version":"5.14","status":"affected"},{"version":"0","lessThan":"5.14","status":"unaffected","versionType":"semver"},{"version":"6.6.24","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.7.12","lessThanOrEqual":"6.7.*","status":"unaffected","versionType":"semver"},{"version":"6.8.3","lessThanOrEqual":"6.8.*","status":"unaffected","versionType":"semver"},{"version":"6.9","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.14","versionEndExcluding":"6.6.24"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.14","versionEndExcluding":"6.7.12"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.14","versionEndExcluding":"6.8.3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.14","versionEndExcluding":"6.9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4.167"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10.87"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0c027c2bad7f5111c51a358b5d392e1a695dabff"},{"url":"https://git.kernel.org/stable/c/9f7ddc222cae8254e93d5c169a8ae11a49d912a7"},{"url":"https://git.kernel.org/stable/c/fb3a122a978626b33de3367ee1762da934c0f512"},{"url":"https://git.kernel.org/stable/c/0c66c6f4e21cb22220cbd8821c5c73fc157d20dc"}],"title":"ARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-06-17T17:40:49.744241Z","id":"CVE-2024-26947","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-17T17:46:53.297Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T00:21:05.505Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/0c027c2bad7f5111c51a358b5d392e1a695dabff","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/9f7ddc222cae8254e93d5c169a8ae11a49d912a7","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/fb3a122a978626b33de3367ee1762da934c0f512","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/0c66c6f4e21cb22220cbd8821c5c73fc157d20dc","tags":["x_transferred"]}]}]}}