PT-2024-10407 · Linux+6 · Linux Kernel+6
Miaohe Lin · Published 2024-05-23 · Updated 2026-05-26 · CVE-2024-39298
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.37
Description
The vulnerability is in how the Linux kernel's memory failure module handles pages that are dissolved but not taken off from buddy. This can cause a kernel panic due to a bad page state. The root cause is a race condition between the memory_failure and try_memory_failure_hugetlb functions, specifically in the me_huge_page function. An attacker can exploit the vulnerability to cause a denial of service.
Recommendations
To resolve the issue, update the Linux kernel to version 6.6.37 or later. If updating is not possible, consider disabling the me_huge_page function or restricting access to the vulnerable module as a temporary workaround. However, these workarounds may have performance implications and should be thoroughly tested before implementation.
Exploit
Fix
Race Condition
Related Identifiers
Affected Products
Astra Linux
Linux Mint
Linux Kernel
Red Hat
RED OS
SUSE
Ubuntu