{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-57884","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-01-11T14:45:42.024Z","datePublished":"2025-01-15T13:05:37.152Z","dateUpdated":"2025-11-03T20:54:54.121Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T10:05:50.618Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim()\n\nThe task sometimes continues looping in throttle_direct_reclaim() because\nallow_direct_reclaim(pgdat) keeps returning false.  \n\n #0 [ffff80002cb6f8d0] __switch_to at ffff8000080095ac\n #1 [ffff80002cb6f900] __schedule at ffff800008abbd1c\n #2 [ffff80002cb6f990] schedule at ffff800008abc50c\n #3 [ffff80002cb6f9b0] throttle_direct_reclaim at ffff800008273550\n #4 [ffff80002cb6fa20] try_to_free_pages at ffff800008277b68\n #5 [ffff80002cb6fae0] __alloc_pages_nodemask at ffff8000082c4660\n #6 [ffff80002cb6fc50] alloc_pages_vma at ffff8000082e4a98\n #7 [ffff80002cb6fca0] do_anonymous_page at ffff80000829f5a8\n #8 [ffff80002cb6fce0] __handle_mm_fault at ffff8000082a5974\n #9 [ffff80002cb6fd90] handle_mm_fault at ffff8000082a5bd4\n\nAt this point, the pgdat contains the following two zones:\n\n        NODE: 4  ZONE: 0  ADDR: ffff00817fffe540  NAME: \"DMA32\"\n          SIZE: 20480  MIN/LOW/HIGH: 11/28/45\n          VM_STAT:\n                NR_FREE_PAGES: 359\n        NR_ZONE_INACTIVE_ANON: 18813\n          NR_ZONE_ACTIVE_ANON: 0\n        NR_ZONE_INACTIVE_FILE: 50\n          NR_ZONE_ACTIVE_FILE: 0\n          NR_ZONE_UNEVICTABLE: 0\n        NR_ZONE_WRITE_PENDING: 0\n                     NR_MLOCK: 0\n                    NR_BOUNCE: 0\n                   NR_ZSPAGES: 0\n            NR_FREE_CMA_PAGES: 0\n\n        NODE: 4  ZONE: 1  ADDR: ffff00817fffec00  NAME: \"Normal\"\n          SIZE: 8454144  PRESENT: 98304  MIN/LOW/HIGH: 68/166/264\n          VM_STAT:\n                NR_FREE_PAGES: 146\n        NR_ZONE_INACTIVE_ANON: 94668\n          NR_ZONE_ACTIVE_ANON: 3\n        NR_ZONE_INACTIVE_FILE: 735\n          NR_ZONE_ACTIVE_FILE: 78\n          NR_ZONE_UNEVICTABLE: 0\n        NR_ZONE_WRITE_PENDING: 0\n                     NR_MLOCK: 0\n                    NR_BOUNCE: 0\n                   NR_ZSPAGES: 0\n            NR_FREE_CMA_PAGES: 0\n\nIn allow_direct_reclaim(), while processing ZONE_DMA32, the sum of\ninactive/active file-backed pages calculated in zone_reclaimable_pages()\nbased on the result of zone_page_state_snapshot() is zero.  \n\nAdditionally, since this system lacks swap, the calculation of inactive/\nactive anonymous pages is skipped.\n\n        crash> p nr_swap_pages\n        nr_swap_pages = $1937 = {\n          counter = 0\n        }\n\nAs a result, ZONE_DMA32 is deemed unreclaimable and skipped, moving on to\nthe processing of the next zone, ZONE_NORMAL, despite ZONE_DMA32 having\nfree pages significantly exceeding the high watermark.\n\nThe problem is that the pgdat->kswapd_failures hasn't been incremented.\n\n        crash> px ((struct pglist_data *) 0xffff00817fffe540)->kswapd_failures\n        $1935 = 0x0\n\nThis is because the node deemed balanced.  The node balancing logic in\nbalance_pgdat() evaluates all zones collectively.  If one or more zones\n(e.g., ZONE_DMA32) have enough free pages to meet their watermarks, the\nentire node is deemed balanced.  This causes balance_pgdat() to exit early\nbefore incrementing the kswapd_failures, as it considers the overall\nmemory state acceptable, even though some zones (like ZONE_NORMAL) remain\nunder significant pressure.\n\n\nThe patch ensures that zone_reclaimable_pages() includes free pages\n(NR_FREE_PAGES) in its calculation when no other reclaimable pages are\navailable (e.g., file-backed or anonymous pages).  This change prevents\nzones like ZONE_DMA32, which have sufficient free pages, from being\nmistakenly deemed unreclaimable.  By doing so, the patch ensures proper\nnode balancing, avoids masking pressure on other zones like ZONE_NORMAL,\nand prevents infinite loops in throttle_direct_reclaim() caused by\nallow_direct_reclaim(pgdat) repeatedly returning false.\n\n\nThe kernel hangs due to a task stuck in throttle_direct_reclaim(), caused\nby a node being incorrectly deemed balanced despite pressure in certain\nzones, such as ZONE_NORMAL.  This issue arises from\nzone_reclaimable_pages\n---truncated---"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["mm/vmscan.c"],"versions":[{"version":"5a1c84b404a7176b8b36e2a0041b6f0adb3151a3","lessThan":"66cd37660ec34ec444fe42f2277330ae4a36bb19","status":"affected","versionType":"git"},{"version":"5a1c84b404a7176b8b36e2a0041b6f0adb3151a3","lessThan":"d675fefbaec3815b3ae0af1bebd97f27df3a05c8","status":"affected","versionType":"git"},{"version":"5a1c84b404a7176b8b36e2a0041b6f0adb3151a3","lessThan":"63eac98d6f0898229f515cb62fe4e4db2430e99c","status":"affected","versionType":"git"},{"version":"5a1c84b404a7176b8b36e2a0041b6f0adb3151a3","lessThan":"bfb701192129803191c9cd6cdd1f82cd07f8de2c","status":"affected","versionType":"git"},{"version":"5a1c84b404a7176b8b36e2a0041b6f0adb3151a3","lessThan":"1ff2302e8aeac7f2eedb551d7a89617283b5c6b2","status":"affected","versionType":"git"},{"version":"5a1c84b404a7176b8b36e2a0041b6f0adb3151a3","lessThan":"58d0d02dbc67438fc80223fdd7bbc49cf0733284","status":"affected","versionType":"git"},{"version":"5a1c84b404a7176b8b36e2a0041b6f0adb3151a3","lessThan":"6aaced5abd32e2a57cd94fd64f824514d0361da8","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["mm/vmscan.c"],"versions":[{"version":"4.8","status":"affected"},{"version":"0","lessThan":"4.8","status":"unaffected","versionType":"semver"},{"version":"5.4.289","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.233","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.176","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.124","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.70","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.9","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.13","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.8","versionEndExcluding":"5.4.289"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.8","versionEndExcluding":"5.10.233"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.8","versionEndExcluding":"5.15.176"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.8","versionEndExcluding":"6.1.124"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.8","versionEndExcluding":"6.6.70"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.8","versionEndExcluding":"6.12.9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.8","versionEndExcluding":"6.13"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/66cd37660ec34ec444fe42f2277330ae4a36bb19"},{"url":"https://git.kernel.org/stable/c/d675fefbaec3815b3ae0af1bebd97f27df3a05c8"},{"url":"https://git.kernel.org/stable/c/63eac98d6f0898229f515cb62fe4e4db2430e99c"},{"url":"https://git.kernel.org/stable/c/bfb701192129803191c9cd6cdd1f82cd07f8de2c"},{"url":"https://git.kernel.org/stable/c/1ff2302e8aeac7f2eedb551d7a89617283b5c6b2"},{"url":"https://git.kernel.org/stable/c/58d0d02dbc67438fc80223fdd7bbc49cf0733284"},{"url":"https://git.kernel.org/stable/c/6aaced5abd32e2a57cd94fd64f824514d0361da8"}],"title":"mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim()","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"},{"url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T20:54:54.121Z"}}]}}