PT-2024-9777 · Linux+7 · Linux Kernel+7

Published

2024-05-16

·

Updated

2025-09-29

·

CVE-2024-40914

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.9.0-rc4-00491-gd5ce28f156fe-dirty #14
Description: The vulnerability is related to the handling of huge zero folio in the Linux kernel's mm/huge memory module. When the HWPoison flag is set for huge zero folio without increasing the folio refcnt, the unpoison memory() function will decrease the folio refcnt unexpectedly, leading to a VM BUG ON PAGE error when releasing huge zero folio. This issue can cause a kernel panic.
Recommendations: To resolve this issue, skip unpoisoning huge zero folio in unpoison memory() by modifying the Linux kernel code to exclude huge zero folio from the unpoisoning process. This change will prevent the unexpected decrease of the folio refcnt and the resulting kernel panic.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-388

Related Identifiers

ALSA-2024:5928
ALSA-2025_16880
BDU:2024-11523
CVE-2024-40914
DLA-4008-1
DSA-5731-1
INFSA-2024_5928
OESA-2024-2076
OPENSUSE-SU-2024_4314-1
OPENSUSE-SU-2024_4316-1
RHSA-2024:5928
RHSA-2024:6267
RHSA-2024:6268
RHSA-2024_5928
SUSE-SU-2024:4314-1
SUSE-SU-2024:4316-1
SUSE-SU-2024:4318-1
SUSE-SU-2024:4387-1
SUSE-SU-2025:20163-1
SUSE-SU-2025:20164-1
SUSE-SU-2025:20246-1
SUSE-SU-2025:20247-1
USN-6999-1
USN-6999-2
USN-7004-1
USN-7005-1
USN-7005-2
USN-7007-1
USN-7007-2
USN-7007-3
USN-7008-1
USN-7009-1
USN-7009-2
USN-7019-1
USN-7029-1

Affected Products

Almalinux
Astra Linux
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu