{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-57945","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-01-19T11:50:08.380Z","datePublished":"2025-01-21T12:18:12.548Z","dateUpdated":"2025-11-03T19:32:46.584Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-22T12:40:03.484Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: mm: Fix the out of bound issue of vmemmap address\n\nIn sparse vmemmap model, the virtual address of vmemmap is calculated as:\n((struct page *)VMEMMAP_START - (phys_ram_base >> PAGE_SHIFT)).\nAnd the struct page's va can be calculated with an offset:\n(vmemmap + (pfn)).\n\nHowever, when initializing struct pages, kernel actually starts from the\nfirst page from the same section that phys_ram_base belongs to. If the\nfirst page's physical address is not (phys_ram_base >> PAGE_SHIFT), then\nwe get an va below VMEMMAP_START when calculating va for it's struct page.\n\nFor example, if phys_ram_base starts from 0x82000000 with pfn 0x82000, the\nfirst page in the same section is actually pfn 0x80000. During\ninit_unavailable_range(), we will initialize struct page for pfn 0x80000\nwith virtual address ((struct page *)VMEMMAP_START - 0x2000), which is\nbelow VMEMMAP_START as well as PCI_IO_END.\n\nThis commit fixes this bug by introducing a new variable\n'vmemmap_start_pfn' which is aligned with memory section size and using\nit to calculate vmemmap address instead of phys_ram_base."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["arch/riscv/include/asm/page.h","arch/riscv/include/asm/pgtable.h","arch/riscv/mm/init.c"],"versions":[{"version":"8310080799b40fd9f2a8b808c657269678c149af","lessThan":"92f08673d3f1893191323572f60e3c62f2e57c2f","status":"affected","versionType":"git"},{"version":"a278d5c60f21aa15d540abb2f2da6e6d795c3e6e","lessThan":"a4a7ac3d266008018f05fae53060fcb331151a14","status":"affected","versionType":"git"},{"version":"a11dd49dcb9376776193e15641f84fcc1e5980c9","lessThan":"d2bd51954ac8377c2f1eb1813e694788998add66","status":"affected","versionType":"git"},{"version":"a11dd49dcb9376776193e15641f84fcc1e5980c9","lessThan":"f754f27e98f88428aaf6be6e00f5cbce97f62d4b","status":"affected","versionType":"git"},{"version":"8af1c121b0102041809bc137ec600d1865eaeedd","status":"affected","versionType":"git"},{"version":"5941a90c55d3bfba732b32208d58d997600b44ef","status":"affected","versionType":"git"},{"version":"2a1728c15ec4f45ed9248ae22f626541c179bfbe","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["arch/riscv/include/asm/page.h","arch/riscv/include/asm/pgtable.h","arch/riscv/mm/init.c"],"versions":[{"version":"6.8","status":"affected"},{"version":"0","lessThan":"6.8","status":"unaffected","versionType":"semver"},{"version":"6.1.140","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.72","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.10","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.13","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.81","versionEndExcluding":"6.1.140"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6.21","versionEndExcluding":"6.6.72"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.8","versionEndExcluding":"6.12.10"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.8","versionEndExcluding":"6.13"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10.212"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15.151"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7.9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/92f08673d3f1893191323572f60e3c62f2e57c2f"},{"url":"https://git.kernel.org/stable/c/a4a7ac3d266008018f05fae53060fcb331151a14"},{"url":"https://git.kernel.org/stable/c/d2bd51954ac8377c2f1eb1813e694788998add66"},{"url":"https://git.kernel.org/stable/c/f754f27e98f88428aaf6be6e00f5cbce97f62d4b"}],"title":"riscv: mm: Fix the out of bound issue of vmemmap address","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T19:32:46.584Z"}}]}}