PT-2024-26824 · Linux+4 · Linux Kernel+4

Published

2024-02-26

·

Updated

2024-11-15

·

CVE-2024-35987

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The issue concerns the Linux kernel, specifically with loading 64-bit NOMMU kernels past the start of RAM. A commit added logic to allow using RAM below the kernel load address, but this does not work for NOMMU, where PAGE OFFSET is fixed to the kernel load address. As a result, mm initialization runs off the beginning of mem map and corrupts adjacent kernel memory. The fix involves restoring the previous behavior for NOMMU kernels.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Initialization

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-665

Related Identifiers

BDU:2025-08081
CVE-2024-35987
MGASA-2024-0263
MGASA-2024-0266
USN-6949-1
USN-6949-2
USN-6952-1
USN-6952-2
USN-6955-1

Affected Products

Astra Linux
Linuxmint
Linux Kernel
Red Os
Ubuntu