PT-2024-33805 · Linux+2 · Linux Kernel+2

Steve Sistare

Published

2024-09-03

Updated

2025-02-28

CVE-2024-49964

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: A memory leak issue has been identified in the Linux kernel, specifically in the mm/hugetlb component. The problem occurs when memfd pin folios is followed by unpin folios, and the pages were not already faulted in. This is because the folio refcount for pages created by memfd alloc folio never goes to 0. The issue is caused by a missing folio put to undo the folio try get in memfd pin folios. The refcount for an unfaulted page is incorrectly set to 513 instead of 512 after memfd pin folios and unpin folios.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400

Related Identifiers

BDU:2025-16132

CVE-2024-49964

OPENSUSE-SU-2024:14500-1

OPENSUSE-SU-2025:14705-1

USN-7276-1

USN-7277-1

USN-7310-1

Affected Products

Linuxmint

Linux Kernel

Ubuntu

PT-2024-33805 · Linux+2 · Linux Kernel+2

CVE-2024-49964

Weakness Enumeration

Related Identifiers

Affected Products

References · 1291