CVE-2024-57883 — Improper Control of a Resource Through its Lifetime in Linux
Severity
5.5MEDIUMNVD
OSV7.8OSV7.1OSV6.2
EPSS
0.0%
top 92.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJan 15
Latest updateDec 3
Description
In the Linux kernel, the following vulnerability has been resolved:
mm: hugetlb: independent PMD page table shared count
The folio refcount may be increased unexpectly through try_get_folio() by
caller such as split_huge_pages. In huge_pmd_unshare(), we use refcount
to check whether a pmd page table is shared. The check is incorrect if
the refcount is increased by the above caller, and this can cause the page
table leaked:
BUG: Bad page state in process sh pfn:109324
page: refcount:0 mapcount…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages6 packages
▶CVEListV5linux/linux39dde65c9940c97fcd178a3d2b1c57ed8b7b68aa — 94b4b41d0cdf5cfd4d4325bc0e6e9e0d0e996133+6
Patches
🔴Vulnerability Details
27OSV▶
linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-intel-iotg, linux-intel-iotg-5.15, linux-lowlatency, linux-lowlate↗2025-12-03