PT-2024-33726 · Linux+4 · Linux Kernel+4

Peng Fan

·

Published

2024-10-21

·

Updated

2025-12-07

·

CVE-2024-49885

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.11.0-rc3-next-20240814-00004-g61844c55c3f4
Description: A vulnerability in the Linux kernel has been resolved, related to the mm and slub modules. The issue arises when the init on free option is enabled, causing the full object size, including the redzone, to be cleared. This leads to the check object function treating the entire object as a redzone, resulting in a BUG report. The vulnerability is addressed by using orig size to clear the used area and restoring the value of orig size after clearing the remaining area.
Recommendations: To resolve the issue, update to a version of the Linux kernel that includes the fix for this vulnerability. Specifically, for versions prior to 6.11.0-rc3-next-20240814-00004-g61844c55c3f4, apply the patch that addresses the mm and slub modules to avoid zeroing the kmalloc redzone. As a temporary workaround, consider disabling the init on free option until a patched version is available.

Exploit

Fix

Allocation of Resources Without Limits

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-770

Related Identifiers

ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
ALT-PU-2025-12647
AZL-52969
BDU:2025-07999
CVE-2024-49885
INFSA-2025_6966
OESA-2024-2492
OPENSUSE-SU-2024:14500-1
OPENSUSE-SU-2025:14705-1
RHSA-2025:6966
RHSA-2025_6966
USN-7276-1
USN-7277-1
USN-7301-1
USN-7303-1
USN-7303-2
USN-7303-3
USN-7304-1
USN-7310-1
USN-7311-1
USN-7384-1
USN-7384-2
USN-7385-1
USN-7386-1
USN-7403-1

Affected Products

Alt Linux
Linuxmint
Linux Kernel
Red Hat
Ubuntu