CVE-2024-36000

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to a missing lock in the hugetlb code, which can be triggered in an userfault context. This occurs when two threads modify the resv map together, going into an unlikely path. The function hugetlb cgroup uncharge folio rsvd() will update the cgroup pointer and requires the lock to be held. A fix has been provided by Mike, but the locking criteria were initially overlooked.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Assertion Failure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-617

Related Identifiers

ALSA-2024:5101

ALSA-2024:5102

ALSA-2024:6567

ALSA-2025_16880

AZL-67703

BDU:2025-08077

CESA-2024_5101

CESA-2024_5102

CVE-2024-36000

INFSA-2024_5101

INFSA-2024_5102

INFSA-2024_6567

MGASA-2024-0263

MGASA-2024-0266

OESA-2024-1693

OESA-2024-1694

OPENSUSE-SU-2024_2947-1

OPENSUSE-SU-2024_4314-1

OPENSUSE-SU-2024_4316-1

RHSA-2024:5065

RHSA-2024:5101

RHSA-2024:5102

RHSA-2024:5255

RHSA-2024:5672

RHSA-2024:5673

RHSA-2024:6567

RHSA-2024_5101

RHSA-2024_5102

RHSA-2024_6567

RLSA-2024:5101

RLSA-2024:5102

RLSA-2024:6567

RXSA-2024:5101

RXSA-2024:6567

SUSE-SU-2024:2894-1

SUSE-SU-2024:2939-1

SUSE-SU-2024:2947-1

SUSE-SU-2024:4314-1

SUSE-SU-2024:4316-1

SUSE-SU-2024:4318-1

SUSE-SU-2024:4387-1

SUSE-SU-2025:20163-1

SUSE-SU-2025:20164-1

SUSE-SU-2025:20246-1

SUSE-SU-2025:20247-1

USN-6949-1

USN-6949-2

USN-6952-1

USN-6952-2

USN-6955-1

Affected Products

Almalinux

Astra Linux

Centos

Debian

Linuxmint

Linux Kernel

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

CVE-2024-36000

Weakness Enumeration

Related Identifiers

Affected Products

References · 3249