PT-2025-3670 · Linux+6 · Linux Kernel+6
Published 2025-01-08 · Updated 2026-05-26
CVE-2024-57945
CVSS v3.1: 7.1 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.74
Description
The issue is in how the virtual address of vmemmap is calculated in the sparse vmemmap model. The address is calculated as ((struct page *)VMEMMAP_START - (phys_ram_base >> PAGE_SHIFT)), and a struct page's va is then obtained with an offset: (vmemmap + (pfn)). However, when initializing struct pages, the kernel starts from the first page of the section that phys_ram_base belongs to. If that first page's physical address is not (phys_ram_base >> PAGE_SHIFT), the va calculated for its struct page is below VMEMMAP_START. This can lead to an out-of-bounds issue. The fix introduces a new variable, 'vmemmap_start_pfn', which is aligned to the memory section size, and uses it instead of phys_ram_base to calculate the vmemmap address.
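The address arithmetic described above, modelled in user space as an added example (not kernel code and not part of the original advisory). The constants, the sample phys_ram_base value and the helper names old_base_pfn, section_start_pfn, page_va and underrun are constructed for illustration.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* All constants are constructed for illustration, not taken from the advisory. */
#define PAGE_SHIFT        12
#define SECTION_SIZE_BITS 27                    /* assumed: 128 MiB sections */
#define STRUCT_PAGE_SIZE  64ULL                 /* assumed sizeof(struct page) */
#define VMEMMAP_START     0xffff8d8000000000ULL /* constructed address */
#define PFN_SECTION_MASK  (~((1ULL << (SECTION_SIZE_BITS - PAGE_SHIFT)) - 1))

/* Pre-fix bias of the vmemmap base: phys_ram_base >> PAGE_SHIFT. */
static uint64_t old_base_pfn(uint64_t phys_ram_base)
{
    return phys_ram_base >> PAGE_SHIFT;
}

/* First pfn of the section holding phys_ram_base. struct page initialization
 * starts here, and the fix uses this value as vmemmap_start_pfn. */
static uint64_t section_start_pfn(uint64_t phys_ram_base)
{
    return (phys_ram_base >> PAGE_SHIFT) & PFN_SECTION_MASK;
}

/* va of pfn's struct page: ((struct page *)VMEMMAP_START - base_pfn) + pfn.
 * Done in unsigned 64-bit arithmetic so a negative offset wraps predictably. */
static uint64_t page_va(uint64_t base_pfn, uint64_t pfn)
{
    return VMEMMAP_START + (pfn - base_pfn) * STRUCT_PAGE_SIZE;
}

/* Bytes by which va falls below VMEMMAP_START (0 when in range). */
static uint64_t underrun(uint64_t va)
{
    return va < VMEMMAP_START ? VMEMMAP_START - va : 0;
}

int main(void)
{
    uint64_t base = 0x80200000ULL;              /* constructed, not section aligned */
    uint64_t first = section_start_pfn(base);

    printf("pre-fix underrun:  0x%" PRIx64 " bytes\n",
           underrun(page_va(old_base_pfn(base), first)));
    printf("post-fix underrun: 0x%" PRIx64 " bytes\n",
           underrun(page_va(first, first)));
    return 0;
}
```

With a section-aligned phys_ram_base the two bias values coincide and the pre-fix calculation stays in range, which is why the problem only appears on some memory layouts.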
Recommendations
To resolve the issue, update to Linux kernel version 6.6.74 or later. As a temporary workaround, consider restricting access to the vulnerable vmemmap module to minimize the risk of exploitation. Avoid using the phys_ram_base variable in calculations until the issue is resolved.
Exploit
Fix
DoS
Improper Initialization
Out of bounds Read
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Ubuntu