PT-2024-35573 · Linux+3 · Linux Kernel+3

Published

2024-11-09

Updated

2025-10-03

CVE-2024-53109

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.65

Description The issue arises when deleting a vma entry from a maple tree, where a wrong argument is passed to vma iter prealloc() instead of NULL, which is required to calculate the internal state of the tree. This results in nommu kernels crashing when accessing a vma iterator, such as acct collect() reading the size of vma entries after do munmap(). The problem is fixed by passing the correct argument to the preallocation call.

Recommendations For Linux kernel versions prior to 6.6.65, update to version 6.6.65 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable vma iter prealloc() function until a patch is available.

Exploit

Fix

Allocation of Resources Without Limits

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-770

Related Identifiers

ALSA-2025_12746

ALSA-2025_12752

ALSA-2025_12753

ALSA-2025_16880

ALT-PU-2024-17211

ALT-PU-2024-17888

ALT-PU-2025-12647

AZL-54126

BDU:2025-07874

CVE-2024-53109

MGASA-2024-0392

MGASA-2024-0393

OESA-2025-1093

OESA-2025-1097

USN-7276-1

USN-7277-1

USN-7310-1

USN-7449-1

USN-7449-2

USN-7450-1

USN-7451-1

USN-7452-1

USN-7453-1

USN-7468-1

USN-7523-1

USN-7524-1

Affected Products

Alt Linux

Linuxmint

Linux Kernel

Ubuntu

PT-2024-35573 · Linux+3 · Linux Kernel+3

CVE-2024-53109

Weakness Enumeration

Related Identifiers

Affected Products

References · 1244