medium
5.5
CWE
476
Advisory Published
Updated

CVE-2024-53113: mm: fix NULL pointer dereference in alloc_pages_bulk_noprof

First published: Mon Dec 02 2024(Updated: )

In the Linux kernel, the following vulnerability has been resolved: mm: fix NULL pointer dereference in alloc_pages_bulk_noprof We triggered a NULL pointer dereference for ac.preferred_zoneref->zone in alloc_pages_bulk_noprof() when the task is migrated between cpusets. When cpuset is enabled, in prepare_alloc_pages(), ac->nodemask may be &current->mems_allowed. when first_zones_zonelist() is called to find preferred_zoneref, the ac->nodemask may be modified concurrently if the task is migrated between different cpusets. Assuming we have 2 NUMA Node, when traversing Node1 in ac->zonelist, the nodemask is 2, and when traversing Node2 in ac->zonelist, the nodemask is 1. As a result, the ac->preferred_zoneref points to NULL zone. In alloc_pages_bulk_noprof(), for_each_zone_zonelist_nodemask() finds a allowable zone and calls zonelist_node_idx(ac.preferred_zoneref), leading to NULL pointer dereference. __alloc_pages_noprof() fixes this issue by checking NULL pointer in commit ea57485af8f4 ("mm, page_alloc: fix check for NULL preferred_zone") and commit df76cee6bbeb ("mm, page_alloc: remove redundant checks from alloc fastpath"). To fix it, check NULL pointer for preferred_zoneref->zone.

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected SoftwareAffected VersionHow to fix
Linux Kernel>=5.13<6.1.119
Linux Kernel>=6.2<6.6.63
Linux Kernel>=6.7<6.11.10
Linux Kernel=6.12-rc1
Linux Kernel=6.12-rc2
Linux Kernel=6.12-rc3
Linux Kernel=6.12-rc4
Linux Kernel=6.12-rc5
Linux Kernel=6.12-rc6
Linux Kernel=6.12-rc7
debian/linux
5.10.223-1
5.10.234-1
6.1.129-1
6.1.128-1
6.12.20-1
6.12.21-1
debian/linux-6.1
6.1.129-1~deb11u1

Remedy

https://git.kernel.org/stable/c/31502374627ba9ec3e710dbd0bb00457cc6d2c19

Remedy

https://git.kernel.org/stable/c/6addb2d9501ec866d7b3a3b4e665307c437e9be2

Remedy

https://git.kernel.org/stable/c/8ce41b0f9d77cca074df25afd39b86e2ee3aa68e

Remedy

https://git.kernel.org/stable/c/d0f16cec79774c3132df006cf771eddd89d08f58

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2024-53113?

    CVE-2024-53113 is considered to have a low to moderate severity as it involves a NULL pointer dereference during task migration.

  • How do I fix CVE-2024-53113?

    To fix CVE-2024-53113, upgrade to a patched version of the Linux kernel that addresses the NULL pointer dereference issue.

  • Which versions of the Linux kernel are affected by CVE-2024-53113?

    CVE-2024-53113 affects various versions of the Linux kernel from 5.13 to 6.11.10 and specific release candidates of 6.12.

  • What impact does CVE-2024-53113 have on my system?

    CVE-2024-53113 may cause system instability and potential crashes due to NULL pointer dereference errors.

  • Is there a workaround for CVE-2024-53113?

    Currently, the recommended approach is to update the kernel, as no specific workaround has been identified for CVE-2024-53113.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203