CVE-2024-49964

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://git.kernel.org/stable/c/59e081ff2e91bbf19b8c1ecb75b031f778858383", "name": "https://git.kernel.org/stable/c/59e081ff2e91bbf19b8c1ecb75b031f778858383", "tags": ["Patch"], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/c56b6f3d801d7ec8965993342bdd9e2972b6cb8e", "name": "https://git.kernel.org/stable/c/c56b6f3d801d7ec8965993342bdd9e2972b6cb8e", "tags": ["Patch"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/hugetlb: fix memfd_pin_folios free_huge_pages leak\n\nmemfd_pin_folios followed by unpin_folios fails to restore free_huge_pages\nif the pages were not already faulted in, because the folio refcount for\npages created by memfd_alloc_folio never goes to 0. memfd_pin_folios\nneeds another folio_put to undo the folio_try_get below:\n\nmemfd_alloc_folio()\n alloc_hugetlb_folio_nodemask()\n dequeue_hugetlb_folio_nodemask()\n dequeue_hugetlb_folio_node_exact()\n folio_ref_unfreeze(folio, 1); ; adds 1 refcount\n folio_try_get() ; adds 1 refcount\n hugetlb_add_to_page_cache() ; adds 512 refcount (on x86)\n\nWith the fix, after memfd_pin_folios + unpin_folios, the refcount for the\n(unfaulted) page is 512, which is correct, as the refcount for a faulted\nunpinned page is 513."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2024-49964", "ASSIGNER": "cve@kernel.org"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}}, "publishedDate": "2024-10-21T18:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "6.11.3", "versionStartIncluding": "6.11"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2024-11-07T19:20Z"}