{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-40917","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-07-12T12:17:45.581Z","datePublished":"2024-07-12T12:25:00.175Z","dateUpdated":"2025-05-04T09:17:47.037Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T09:17:47.037Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmemblock: make memblock_set_node() also warn about use of MAX_NUMNODES\n\nOn an (old) x86 system with SRAT just covering space above 4Gb:\n\n    ACPI: SRAT: Node 0 PXM 0 [mem 0x100000000-0xfffffffff] hotplug\n\nthe commit referenced below leads to this NUMA configuration no longer\nbeing refused by a CONFIG_NUMA=y kernel (previously\n\n    NUMA: nodes only cover 6144MB of your 8185MB e820 RAM. Not used.\n    No NUMA configuration found\n    Faking a node at [mem 0x0000000000000000-0x000000027fffffff]\n\nwas seen in the log directly after the message quoted above), because of\nmemblock_validate_numa_coverage() checking for NUMA_NO_NODE (only). This\nin turn led to memblock_alloc_range_nid()'s warning about MAX_NUMNODES\ntriggering, followed by a NULL deref in memmap_init() when trying to\naccess node 64's (NODE_SHIFT=6) node data.\n\nTo compensate said change, make memblock_set_node() warn on and adjust\na passed in value of MAX_NUMNODES, just like various other functions\nalready do."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["mm/memblock.c"],"versions":[{"version":"6fdc770506eb8379bf68a49d4e193c8364ac64e0","lessThan":"4ddb7f966f3d06fcf1ba5ee298af6714b593584b","status":"affected","versionType":"git"},{"version":"ff6c3d81f2e86b63a3a530683f89ef393882782a","lessThan":"22f742b8f738918f683198a18ec3c691acda14c4","status":"affected","versionType":"git"},{"version":"ff6c3d81f2e86b63a3a530683f89ef393882782a","lessThan":"e0eec24e2e199873f43df99ec39773ad3af2bff7","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["mm/memblock.c"],"versions":[{"version":"6.8","status":"affected"},{"version":"0","lessThan":"6.8","status":"unaffected","versionType":"semver"},{"version":"6.6.72","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.9.6","lessThanOrEqual":"6.9.*","status":"unaffected","versionType":"semver"},{"version":"6.10","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6.70","versionEndExcluding":"6.6.72"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.8","versionEndExcluding":"6.9.6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.8","versionEndExcluding":"6.10"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/4ddb7f966f3d06fcf1ba5ee298af6714b593584b"},{"url":"https://git.kernel.org/stable/c/22f742b8f738918f683198a18ec3c691acda14c4"},{"url":"https://git.kernel.org/stable/c/e0eec24e2e199873f43df99ec39773ad3af2bff7"}],"title":"memblock: make memblock_set_node() also warn about use of MAX_NUMNODES","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T04:39:55.350Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/22f742b8f738918f683198a18ec3c691acda14c4","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/e0eec24e2e199873f43df99ec39773ad3af2bff7","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-40917","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-09-10T17:05:43.202207Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-11T17:33:04.005Z"}}]}}