PT-2024-33857 · Linux+6 · Linux Kernel+6

Published

2024-08-05

·

Updated

2026-05-26

·

CVE-2024-50017

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The issue concerns the Linux kernel's identity mapping, where the use of GB pages can lead to the inclusion of large ranges of addresses not actually requested, including areas marked reserved by the BIOS. This can cause processor speculation into reserved regions, potentially leading to system halts on UV systems. The problem arises when ident pud init() uses only GB pages to create identity maps, and a 4K request can map a full GB. To address this, the kernel now uses GB pages only when map creation requests include the full GB page of space and falls back to using smaller 2M pages when only portions of a GB page are included in the request.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration

CWE-682

Related Identifiers

ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
ALT-PU-2025-12647
AZL-51342
AZL-51497
BDU:2025-15087
CVE-2024-50017
ECHO-B49E-3AF3-AF69
OPENSUSE-SU-2024:14500-1
OPENSUSE-SU-2024_3984-1
OPENSUSE-SU-2024_3986-1
OPENSUSE-SU-2024_4315-1
OPENSUSE-SU-2024_4346-1
OPENSUSE-SU-2024_4376-1
OPENSUSE-SU-2025:14705-1
SUSE-SU-2024:3984-1
SUSE-SU-2024:3986-1
SUSE-SU-2024:4315-1
SUSE-SU-2024:4318-1
SUSE-SU-2024:4345-1
SUSE-SU-2024:4346-1
SUSE-SU-2024:4364-1
SUSE-SU-2024:4376-1
SUSE-SU-2024:4387-1
SUSE-SU-2025:20163-1
SUSE-SU-2025:20164-1
SUSE-SU-2025:20246-1
SUSE-SU-2025:20247-1
USN-7276-1
USN-7277-1
USN-7301-1
USN-7303-1
USN-7303-2
USN-7303-3
USN-7304-1
USN-7310-1
USN-7311-1
USN-7384-1
USN-7384-2
USN-7385-1
USN-7386-1
USN-7403-1
USN-7468-1

Affected Products

Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Suse
Ubuntu