PT-2024-35578 · Linux+8 · Linux Kernel+8
Jinjiang Tu
·
Published
2024-11-13
·
Updated
2025-10-03
·
CVE-2024-53113
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.65
Description
A NULL pointer dereference issue was found in the Linux kernel, specifically in the
alloc pages bulk noprof() function. This issue occurs when a task is migrated between cpusets, causing the ac->preferred zoneref->zone pointer to become NULL. The for each zone zonelist nodemask() function finds an allowable zone and calls zonelist node idx(ac.preferred zoneref), leading to a NULL pointer dereference. The issue is fixed by checking for a NULL pointer in the alloc pages noprof() function.Recommendations
To fix this issue, update to Linux kernel version 6.6.65 or later. As a temporary workaround, consider disabling the
alloc pages bulk noprof() function until a patch is available. Restrict access to the vulnerable zonelist node idx() function to minimize the risk of exploitation. Avoid using the ac->preferred zoneref->zone pointer in the affected alloc pages bulk noprof() function until the issue is resolved.Exploit
Fix
NULL Pointer Dereference
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu