CVE-2024-47674Incomplete Cleanup in Linux

CWE-459Incomplete CleanupCWE-20Improper Input Validation52 documents7 sources
Severity
5.5MEDIUMNVD
OSV8.8OSV6.7OSV6.3OSV4.7
EPSS
0.0%
top 98.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
12
LinuxLinux KernelDebian Linux+9 more
Timeline
PublishedOct 15
Latest updateMay 28

Description

In the Linux kernel, the following vulnerability has been resolved: mm: avoid leaving partial pfn mappings around in error case As Jann points out, PFN mappings are special, because unlike normal memory mappings, there is no lifetime information associated with the mapping - it is just a raw mapping of PFNs with no reference counting of a 'struct page'. That's all very much intentional, but it does mean that it's easy to mess up the cleanup in case of errors. Yes, a failed mmap() will always

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages14 packages

NVDlinux/linux_kernel5.166.1.111+4
Debianlinux/linux_kernel< 5.10.234-1+3
Ubuntulinux/linux_kernel< 5.4.0-208.228+2

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

25
OSV
linux-raspi-5.4 vulnerabilities2025-05-28
OSV
linux-raspi vulnerabilities2025-05-28
OSV
linux-iot vulnerabilities2025-04-03
OSV
linux-aws-5.4 vulnerabilities2025-04-01
OSV
linux-fips vulnerabilities2025-03-28

📋Vendor Advisories

26
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2025-05-28
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2025-05-28
Ubuntu
Linux kernel (IoT) vulnerabilities2025-04-03
Ubuntu
Linux kernel (AWS) vulnerabilities2025-04-01
Ubuntu
Linux kernel (FIPS) vulnerabilities2025-03-28