{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-40948","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-07-12T12:17:45.591Z","datePublished":"2024-07-12T12:31:53.478Z","dateUpdated":"2025-11-03T21:58:15.639Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T09:18:34.368Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmm/page_table_check: fix crash on ZONE_DEVICE\n\nNot all pages may apply to pgtable check.  One example is ZONE_DEVICE\npages: they map PFNs directly, and they don't allocate page_ext at all\neven if there's struct page around.  One may reference\ndevm_memremap_pages().\n\nWhen both ZONE_DEVICE and page-table-check enabled, then try to map some\ndax memories, one can trigger kernel bug constantly now when the kernel\nwas trying to inject some pfn maps on the dax device:\n\n kernel BUG at mm/page_table_check.c:55!\n\nWhile it's pretty legal to use set_pxx_at() for ZONE_DEVICE pages for page\nfault resolutions, skip all the checks if page_ext doesn't even exist in\npgtable checker, which applies to ZONE_DEVICE but maybe more."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["mm/page_table_check.c"],"versions":[{"version":"df4e817b710809425d899340dbfa8504a3ca4ba5","lessThan":"51897f99351fff7b57f4f141940fa93b4e90fd2b","status":"affected","versionType":"git"},{"version":"df4e817b710809425d899340dbfa8504a3ca4ba5","lessThan":"84d3549d54f5ff9fa3281257be3019386f51d1a0","status":"affected","versionType":"git"},{"version":"df4e817b710809425d899340dbfa8504a3ca4ba5","lessThan":"dec2382247860d2134c8d41e103e26460c099629","status":"affected","versionType":"git"},{"version":"df4e817b710809425d899340dbfa8504a3ca4ba5","lessThan":"8bb592c2eca8fd2bc06db7d80b38da18da4a2f43","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["mm/page_table_check.c"],"versions":[{"version":"5.17","status":"affected"},{"version":"0","lessThan":"5.17","status":"unaffected","versionType":"semver"},{"version":"6.1.96","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.36","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.9.7","lessThanOrEqual":"6.9.*","status":"unaffected","versionType":"semver"},{"version":"6.10","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.17","versionEndExcluding":"6.1.96"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.17","versionEndExcluding":"6.6.36"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.17","versionEndExcluding":"6.9.7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.17","versionEndExcluding":"6.10"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/51897f99351fff7b57f4f141940fa93b4e90fd2b"},{"url":"https://git.kernel.org/stable/c/84d3549d54f5ff9fa3281257be3019386f51d1a0"},{"url":"https://git.kernel.org/stable/c/dec2382247860d2134c8d41e103e26460c099629"},{"url":"https://git.kernel.org/stable/c/8bb592c2eca8fd2bc06db7d80b38da18da4a2f43"}],"title":"mm/page_table_check: fix crash on ZONE_DEVICE","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/51897f99351fff7b57f4f141940fa93b4e90fd2b","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/84d3549d54f5ff9fa3281257be3019386f51d1a0","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/dec2382247860d2134c8d41e103e26460c099629","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/8bb592c2eca8fd2bc06db7d80b38da18da4a2f43","tags":["x_transferred"]},{"url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T21:58:15.639Z"}},{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-40948","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-09-10T17:04:08.155956Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-11T17:34:25.080Z"}}]}}