The Linux kernel development team recently addressed a potential vulnerability in the memory management subsystem, specifically in the split_large_buddy() function. This issue was discovered via code inspection, and although it hasn't been widely reported, it's important for developers and administrators to be aware of this fix, which can prevent potential problems in corner cases.
The Vulnerability
In split_large_buddy(), it is possible to call pfn_to_page() on a Page Frame Number (PFN) that might not exist. In certain situations, such as when freeing the highest pageblock in the last memory section with CONFIG_SPARSEMEM enabled and CONFIG_SPARSEMEM_EXTREME disabled, this issue could cause the __pfn_to_section() function to return NULL and lead to a NULL pointer dereference in __section_mem_map_addr().
The developers have produced a fix for this vulnerability, ensuring that the call to pfn_to_page() is not made during the first iteration, as the required page is already available.
Below is the code snippet of the fix:
@@ -1299,13 +1299,15 @@ static void split_large_buddy(struct page *page,
{
unsigned long i;
- for (i = 1; i < size; ++i)
+ for (i = 1; i < size; ++i) {
__free_one_page(page + i, memmapoff_to_page(page, memmapstart_off, i),
virt_to_page(page), freelist, migratetype);
+ memmapstart_off = ;
+ }
}
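Review bot: the added line `+ memmapstart_off = ;` has no right-hand side, so the hunk as quoted is syntactically incomplete and would not compile; in addition, no `-` line in this hunk removes a pfn_to_page() call, which the surrounding text says is the whole point of the fix, so the quoted hunk does not match the change it is meant to illustrate. Suggest replacing it with the hunk from the referenced patch so the loop restructuring (and the dropped pfn_to_page() lookup) is actually visible.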
This fix avoids using pfn_to_page() in the first iteration, where it could lead to a NULL pointer dereference.
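To make the failure mode described above concrete, here is an added, self-contained C model (not the kernel's code) of why converting a PFN past the last present section fails, and how restructuring the loop so that pfn_to_page() is only called for PFNs strictly inside the buddy avoids it. The section layout, page count, and the names model_pfn_to_page, split_before_fix and split_after_fix are constructed for this example.

```c
#include <stddef.h>
/* Constructed model (not kernel code): 4 mem_sections of 8 pages each. The
 * last section has no memmap (NULL), like a PFN past the last present section. */
#define PAGES_PER_SECTION 8
#define NR_SECTIONS 4
struct page { unsigned long flags; };
static struct page memmap[(NR_SECTIONS - 1) * PAGES_PER_SECTION];
static struct page *section_map[NR_SECTIONS] = {
	memmap, memmap + PAGES_PER_SECTION, memmap + 2 * PAGES_PER_SECTION, NULL };
#define model_page_to_pfn(p) ((unsigned long)((p) - memmap))

/* Stand-in for pfn_to_page(): returns NULL where the real kernel would
 * dereference a NULL section pointer in __section_mem_map_addr(). */
static struct page *model_pfn_to_page(unsigned long pfn)
{
	unsigned long s = pfn / PAGES_PER_SECTION;
	if (s >= NR_SECTIONS || !section_map[s])
		return NULL;
	return &section_map[s][pfn % PAGES_PER_SECTION];
}

/* Both variants walk a 2^order buddy at `page` in 2^split chunks (freeing
 * itself omitted) and return how many lookups hit a missing section. */
static int split_before_fix(struct page *page, int order, int split)
{
	unsigned long pfn = model_page_to_pfn(page), end = pfn + (1UL << order);
	int bad = 0;
	do {
		pfn += 1UL << split;
		page = model_pfn_to_page(pfn); /* also runs when pfn == end */
		bad += (page == NULL);
	} while (pfn != end);
	return bad;
}

static int split_after_fix(struct page *page, int order, int split)
{
	unsigned long pfn = model_page_to_pfn(page), end = pfn + (1UL << order);
	int bad = 0;
	for (;;) {	/* first chunk uses the page already in hand */
		pfn += 1UL << split;
		if (pfn == end)
			break;	/* the one-past-the-end PFN is never converted */
		page = model_pfn_to_page(pfn);
		bad += (page == NULL);
	}
	return bad;
}
```

With the buddy that ends at the last present section (memmap[16], order 3), the pre-fix loop performs one lookup into the absent section while the restructured loop performs none.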
This vulnerability and its fix were initially discussed in the following mailing list thread:
https://lore.kernel.org/kernel-hardening/20180917082355.18992-1-vbabka@suse.cz/
The patch for this fix can be found here.
Exploit Details
The vulnerability was found through code inspection, and no exploits in the wild have been reported. Administrators and developers should nonetheless be aware of the issue and apply the patch as a preventive measure. Because the fix is small and easy to apply, the risk of complications arising from this vulnerability should be minimal.
In conclusion, CVE-2024-57881 represents a potential, yet not widely reported, vulnerability in the Linux kernel's memory management subsystem. The quick action from the Linux kernel team in identifying and addressing this issue demonstrates their commitment to the security and stability of the kernel. By keeping up to date with kernel patches and following best practices in kernel administration, we can safeguard our systems and maintain high levels of security and performance.
Timeline
Published on: 01/11/2025 16:15:24 UTC
Last modified on: 01/20/2025 06:28:47 UTC