CVE - CVE-2024-35797

CVE-ID
CVE-2024-35797	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: mm: cachestat: fix two shmem bugs When cachestat on shmem races with swapping and invalidation, there are two possible bugs: 1) A swapin error can have resulted in a poisoned swap entry in the shmem inode's xarray. Calling get_shadow_from_swap_cache() on it will result in an out-of-bounds access to swapper_spaces[]. Validate the entry with non_swap_entry() before going further. 2) When we find a valid swap entry in the shmem's inode, the shadow entry in the swapcache might not exist yet: swap IO is still in progress and we're before __remove_mapping; swapin, invalidation, or swapoff have removed the shadow from swapcache after we saw the shmem swap entry. This will send a NULL to workingset_test_recent(). The latter purely operates on pointer bits, so it won't crash - node 0, memcg ID 0, eviction timestamp 0, etc. are all valid inputs - but it's a bogus test. In theory that could result in a false "recently evicted" count. Such a false positive wouldn't be the end of the world. But for code clarity and (future) robustness, be explicit about this case. Bail on get_shadow_from_swap_cache() returning NULL.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/24a0e73d544439bb9329fbbafac44299e548a677 URL:https://git.kernel.org/stable/c/24a0e73d544439bb9329fbbafac44299e548a677 MISC:https://git.kernel.org/stable/c/b79f9e1ff27c994a4c452235ba09e672ec698e23 URL:https://git.kernel.org/stable/c/b79f9e1ff27c994a4c452235ba09e672ec698e23 MISC:https://git.kernel.org/stable/c/d5d39c707a4cf0bcc84680178677b97aa2cb2627 URL:https://git.kernel.org/stable/c/d5d39c707a4cf0bcc84680178677b97aa2cb2627 MISC:https://git.kernel.org/stable/c/d962f6c583458037dc7e529659b2b02b9dd3d94b URL:https://git.kernel.org/stable/c/d962f6c583458037dc7e529659b2b02b9dd3d94b
Assigning CNA
kernel.org
Date Record Created
20240517	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20240517)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)