PT-2024-35576 · Linux+4 · Linux Kernel+4
Jann Horn · Published 2024-11-14 · Updated 2025-09-29 · CVE-2024-53111
CVSS v3.1: 5.5 Medium
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.11.9
Description
The issue arises from a false-positive condition in the move_page_tables() function, specifically with the expression len + old_addr < old_end on 32-bit platforms. When len + old_addr wraps around, it causes mremap() to mistakenly believe that page table entries (PTEs) have been copied, leading to mremap() bailing out without moving the PTEs back before the new VMA is unmapped. This results in the loss of anonymous pages in the region. If userspace attempts to mremap() a private-anon region and encounters this bug, mremap() will return an error, and the private-anon region's contents will appear to have been zeroed.
Recommendations
To resolve the issue, update the Linux kernel to version 6.11.9 or later.
As a temporary workaround, consider avoiding the use of mremap() on private-anon regions until the patch is applied.
Exploit
Fix
Integer Overflow
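The wraparound in the description above, modelled in user space as an added example (not kernel code and not part of this advisory). uint32_t stands in for a 32-bit unsigned long; the function names, the rearranged comparison, the reading of old_addr as a cursor that equals old_end after a completed move, and the sample addresses are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>

/* uint32_t models unsigned long on a 32-bit platform (assumption). */
typedef uint32_t ulong32;

/* The check as quoted in the description: the sum can wrap past 2^32. */
static int check_wrapping(ulong32 old_addr, ulong32 old_end, ulong32 len)
{
    return (ulong32)(len + old_addr) < old_end;
}

/* Rearranged so nothing is added to an address: old_end - len is the
 * start of the old range and cannot wrap while len <= old_end. */
static int check_rearranged(ulong32 old_addr, ulong32 old_end, ulong32 len)
{
    return old_addr < (ulong32)(old_end - len);
}

/* Constructed sample values, not taken from a real process. */
struct sample { const char *what; ulong32 old_addr, old_end, len; };

static const struct sample samples[] = {
    /* cursor reached old_end, sum stays below 2^32: both forms agree */
    { "low range, cursor at end",  0x20000000u, 0x20000000u, 0x10000000u },
    /* cursor reached old_end, len + old_addr = 0x110000000 wraps to 0x10000000 */
    { "high range, cursor at end", 0xC0000000u, 0xC0000000u, 0x50000000u },
    /* cursor below the range start: the case the check is meant to catch */
    { "cursor below start",        0x6FE00000u, 0xC0000000u, 0x50000000u },
};

int main(void)
{
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        const struct sample *s = &samples[i];
        printf("%-26s wrapping=%d rearranged=%d\n", s->what,
               check_wrapping(s->old_addr, s->old_end, s->len),
               check_rearranged(s->old_addr, s->old_end, s->len));
    }
    return 0;
}
```

Only the second sample differs between the two forms: the wrapped sum makes the original comparison true even though the cursor is at old_end.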
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Linuxmint
Linux Kernel
Suse
Ubuntu