Bug 2329924 (CVE-2024-53113) - CVE-2024-53113 kernel: mm: fix NULL pointer dereference in alloc_pages_bulk_noprof
Keywords:
Status: NEW
Alias: CVE-2024-53113
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2329954
Blocks:
Reported: 2024-12-02 14:01 UTC by OSIDB Bzimport
Modified: 2025-04-25 17:25 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2025:2783 0 None None None 2025-03-13 14:16:50 UTC
Red Hat Product Errata RHBA-2025:3020 0 None None None 2025-03-18 21:39:07 UTC
Red Hat Product Errata RHSA-2025:1253 0 None None None 2025-02-10 21:28:05 UTC
Red Hat Product Errata RHSA-2025:1254 0 None None None 2025-02-10 21:26:26 UTC
Red Hat Product Errata RHSA-2025:1268 0 None None None 2025-02-11 04:14:57 UTC
Red Hat Product Errata RHSA-2025:1269 0 None None None 2025-02-11 03:53:58 UTC
Red Hat Product Errata RHSA-2025:1658 0 None None None 2025-02-19 00:51:00 UTC
Red Hat Product Errata RHSA-2025:2627 0 None None None 2025-03-11 06:34:50 UTC

Description OSIDB Bzimport 2024-12-02 14:01:49 UTC
In the Linux kernel, the following vulnerability has been resolved:

mm: fix NULL pointer dereference in alloc_pages_bulk_noprof

We triggered a NULL pointer dereference for ac.preferred_zoneref->zone in
alloc_pages_bulk_noprof() when the task is migrated between cpusets.

When cpuset is enabled, in prepare_alloc_pages(), ac->nodemask may be
&current->mems_allowed.  When first_zones_zonelist() is called to find
preferred_zoneref, the ac->nodemask may be modified concurrently if the
task is migrated between different cpusets.  Assuming we have 2 NUMA nodes,
when traversing Node1 in ac->zonelist, the nodemask is 2, and when
traversing Node2 in ac->zonelist, the nodemask is 1.  As a result, the
ac->preferred_zoneref points to a NULL zone.

In alloc_pages_bulk_noprof(), for_each_zone_zonelist_nodemask() finds an
allowable zone and calls zonelist_node_idx(ac.preferred_zoneref), leading
to a NULL pointer dereference.

__alloc_pages_noprof() fixes this issue by checking NULL pointer in commit
ea57485af8f4 ("mm, page_alloc: fix check for NULL preferred_zone") and
commit df76cee6bbeb ("mm, page_alloc: remove redundant checks from alloc
fastpath").

To fix it, check NULL pointer for preferred_zoneref->zone.
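
The race described above, as an added user-space model in C (not kernel code and not part of the original report): the nodemask reads 2 while Node1 is examined and 1 while Node2 is examined, so the search falls through to the zonelist terminator, whose zone is NULL. The simplified structs, the names find_preferred() and preferred_node(), and the -1 return for a rejected result are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified user-space stand-ins for the kernel structures (assumption). */
struct zone { int node; };
struct zoneref { struct zone *zone; };

static struct zone node_zone[2] = { { 0 }, { 1 } };
/* Zonelist for 2 NUMA nodes; the terminating entry has zone == NULL. */
static struct zoneref zonelist[] = {
    { &node_zone[0] }, { &node_zone[1] }, { NULL }
};

/* Constructed inputs: mask_at_step[i] is the nodemask value observed while
 * zonelist entry i is examined. */
static const unsigned stable_mask[] = { 1, 1 }; /* no cpuset migration */
static const unsigned racy_mask[]   = { 2, 1 }; /* mask changed mid-walk */

/* Model of the preferred_zoneref search: first entry whose node is allowed. */
static struct zoneref *find_preferred(struct zoneref *z,
                                      const unsigned *mask_at_step)
{
    for (int step = 0; z->zone; z++, step++)
        if (mask_at_step[step] & (1u << z->zone->node))
            return z;
    return z; /* fell through to the terminator */
}

/* Returns the preferred node, or -1 when the NULL check rejects the result.
 * With check_null == 0 this models the unfixed path and dereferences
 * whatever the search returned. */
static int preferred_node(const unsigned *mask_at_step, int check_null)
{
    struct zoneref *pref = find_preferred(zonelist, mask_at_step);

    if (check_null && !pref->zone)
        return -1;
    return pref->zone->node;
}

int main(void)
{
    printf("stable, unchecked: node %d\n", preferred_node(stable_mask, 0));
    printf("racy, terminator reached: %d\n",
           find_preferred(zonelist, racy_mask)->zone == NULL);
    printf("racy, checked: %d\n", preferred_node(racy_mask, 1));
    /* preferred_node(racy_mask, 0) would dereference the NULL zone. */
    return 0;
}
```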

Comment 3 errata-xmlrpc 2025-02-10 21:26:25 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:1254 https://access.redhat.com/errata/RHSA-2025:1254

Comment 4 errata-xmlrpc 2025-02-10 21:28:04 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:1253 https://access.redhat.com/errata/RHSA-2025:1253

Comment 5 errata-xmlrpc 2025-02-11 03:53:57 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2025:1269 https://access.redhat.com/errata/RHSA-2025:1269

Comment 6 errata-xmlrpc 2025-02-11 04:14:56 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2025:1268 https://access.redhat.com/errata/RHSA-2025:1268

Comment 7 errata-xmlrpc 2025-02-19 00:50:59 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:1658 https://access.redhat.com/errata/RHSA-2025:1658

Comment 8 errata-xmlrpc 2025-03-11 06:34:49 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:2627 https://access.redhat.com/errata/RHSA-2025:2627
