PT-2024-29865 · Linux+4 · Linux Kernel+4

Published

2024-08-17

·

Updated

2026-03-13

·

CVE-2024-42317

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.10.0-rc7-gavin+ #9
Description A vulnerability in the Linux kernel has been resolved, related to the huge memory feature. The xarray data structure cannot support arbitrary page cache sizes, and the largest supported size is defined by the MAX PAGECACHE ORDER commit. However, on ARM64 systems with a base page size of 64KB, it is possible to have a 512MB page cache, which exceeds the limitation and raises a warning when the xarray entry is split.
Technical details about exploitation include:
  • The xas split alloc function is involved in the vulnerability.
  • The split huge page to list to order function is also related to the issue.
  • The truncate inode partial folio, truncate inode pages range, and truncate pagecache range functions are part of the call trace.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-400

Related Identifiers

AZL-62726
BDU:2025-07530
CVE-2024-42317
ECHO-C380-E00E-8251
OESA-2024-2124
USN-7154-1
USN-7154-2
USN-7155-1
USN-7156-1
USN-7196-1

Affected Products

Astra Linux
Debian
Linuxmint
Linux Kernel
Ubuntu