{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-53097","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-11-19T17:17:24.983Z","datePublished":"2024-11-25T21:21:26.549Z","dateUpdated":"2025-11-03T22:29:11.139Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T13:00:20.163Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmm: krealloc: Fix MTE false alarm in __do_krealloc\n\nThis patch addresses an issue introduced by commit 1a83a716ec233 (\"mm:\nkrealloc: consider spare memory for __GFP_ZERO\") which causes MTE\n(Memory Tagging Extension) to falsely report a slab-out-of-bounds error.\n\nThe problem occurs when zeroing out spare memory in __do_krealloc. The\noriginal code only considered software-based KASAN and did not account\nfor MTE. It does not reset the KASAN tag before calling memset, leading\nto a mismatch between the pointer tag and the memory tag, resulting\nin a false positive.\n\nExample of the error:\n==================================================================\nswapper/0: BUG: KASAN: slab-out-of-bounds in __memset+0x84/0x188\nswapper/0: Write at addr f4ffff8005f0fdf0 by task swapper/0/1\nswapper/0: Pointer tag: [f4], memory tag: [fe]\nswapper/0:\nswapper/0: CPU: 4 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.12.\nswapper/0: Hardware name: MT6991(ENG) (DT)\nswapper/0: Call trace:\nswapper/0:  dump_backtrace+0xfc/0x17c\nswapper/0:  show_stack+0x18/0x28\nswapper/0:  dump_stack_lvl+0x40/0xa0\nswapper/0:  print_report+0x1b8/0x71c\nswapper/0:  kasan_report+0xec/0x14c\nswapper/0:  __do_kernel_fault+0x60/0x29c\nswapper/0:  do_bad_area+0x30/0xdc\nswapper/0:  do_tag_check_fault+0x20/0x34\nswapper/0:  do_mem_abort+0x58/0x104\nswapper/0:  el1_abort+0x3c/0x5c\nswapper/0:  el1h_64_sync_handler+0x80/0xcc\nswapper/0:  el1h_64_sync+0x68/0x6c\nswapper/0:  __memset+0x84/0x188\nswapper/0:  btf_populate_kfunc_set+0x280/0x3d8\nswapper/0:  __register_btf_kfunc_id_set+0x43c/0x468\nswapper/0:  register_btf_kfunc_id_set+0x48/0x60\nswapper/0:  register_nf_nat_bpf+0x1c/0x40\nswapper/0:  nf_nat_init+0xc0/0x128\nswapper/0:  do_one_initcall+0x184/0x464\nswapper/0:  do_initcall_level+0xdc/0x1b0\nswapper/0:  do_initcalls+0x70/0xc0\nswapper/0:  do_basic_setup+0x1c/0x28\nswapper/0:  kernel_init_freeable+0x144/0x1b8\nswapper/0:  kernel_init+0x20/0x1a8\nswapper/0:  ret_from_fork+0x10/0x20\n=================================================================="}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["mm/slab_common.c"],"versions":[{"version":"c383263ee82a01a5a9bc1a466025ccde39a38cae","lessThan":"8ebee7565effdeae6085458f8f8463363120a871","status":"affected","versionType":"git"},{"version":"a543785856249a5ba8c20468098601c0c33b1224","lessThan":"d02492863023431c31f85d570f718433c22b9311","status":"affected","versionType":"git"},{"version":"44f79667fefd52945a44d2a57a2cd3c554d7f4e0","lessThan":"d43f1430d47c22a0727c05b6f156ed25fecdfeb4","status":"affected","versionType":"git"},{"version":"f8767d10bcbc2529540eb906906c0058e15cd918","lessThan":"486aeb5f1855c75dd810c25036134961bd2a6722","status":"affected","versionType":"git"},{"version":"e3a9fc1520a6606c6121aca8d6679c6b93de7fd8","lessThan":"71548fada7ee0eb50cc6ccda82dff010c745f92c","status":"affected","versionType":"git"},{"version":"3e9a65a38706866bf93e19f5b4936465188add10","lessThan":"3dfb40da84f26dd35dd9bbaf626a2424565b8406","status":"affected","versionType":"git"},{"version":"1a83a716ec233990e1fd5b6fbb1200ade63bf450","lessThan":"704573851b51808b45dae2d62059d1d8189138a2","status":"affected","versionType":"git"},{"version":"73388659ef0eea51747350530afdeadf8809ce9c","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["mm/slab_common.c"],"versions":[{"version":"5.10.227","lessThan":"5.10.230","status":"affected","versionType":"semver"},{"version":"5.15.168","lessThan":"5.15.173","status":"affected","versionType":"semver"},{"version":"6.1.113","lessThan":"6.1.118","status":"affected","versionType":"semver"},{"version":"6.6.55","lessThan":"6.6.62","status":"affected","versionType":"semver"},{"version":"6.11.3","lessThan":"6.11.9","status":"affected","versionType":"semver"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10.227","versionEndExcluding":"5.10.230"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15.168","versionEndExcluding":"5.15.173"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.113","versionEndExcluding":"6.1.118"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6.55","versionEndExcluding":"6.6.62"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.11.3","versionEndExcluding":"6.11.9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.10.14"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/8ebee7565effdeae6085458f8f8463363120a871"},{"url":"https://git.kernel.org/stable/c/d02492863023431c31f85d570f718433c22b9311"},{"url":"https://git.kernel.org/stable/c/d43f1430d47c22a0727c05b6f156ed25fecdfeb4"},{"url":"https://git.kernel.org/stable/c/486aeb5f1855c75dd810c25036134961bd2a6722"},{"url":"https://git.kernel.org/stable/c/71548fada7ee0eb50cc6ccda82dff010c745f92c"},{"url":"https://git.kernel.org/stable/c/3dfb40da84f26dd35dd9bbaf626a2424565b8406"},{"url":"https://git.kernel.org/stable/c/704573851b51808b45dae2d62059d1d8189138a2"}],"title":"mm: krealloc: Fix MTE false alarm in __do_krealloc","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":5.5,"attackVector":"LOCAL","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"LOW","confidentialityImpact":"NONE"}},{"other":{"type":"ssvc","content":{"id":"CVE-2024-53097","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2025-10-01T20:11:14.602710Z"}}}],"problemTypes":[{"descriptions":[{"lang":"en","type":"CWE","description":"CWE-noinfo Not enough information"}]}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-10-01T20:17:12.726Z"}},{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"},{"url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T22:29:11.139Z"}}]}}