In the Linux kernel, the following vulnerability has been resolved:

ARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses

Since commit a4d5613c4dc6 ("arm: extend pfn_valid to take into account
freed memory map alignment") changes the semantics of pfn_valid() to check
presence of the memory map for a PFN. A valid page for an address which
is reserved but not mapped by the kernel[1], the system crashed during
some uio test with the following memory layout:

node 0: [mem 0x00000000c0a00000-0x00000000cc8fffff]
node 0: [mem 0x00000000d0000000-0x00000000da1fffff]
the uio layout is:0xc0900000, 0x100000

the crash backtrace like:

Unable to handle kernel paging request at virtual address bff00000
[...]
CPU: 1 PID: 465 Comm: startapp.bin Tainted: G O 5.10.0 #1
Hardware name: Generic DT based system
PC is at b15_flush_kern_dcache_area+0x24/0x3c
LR is at __sync_icache_dcache+0x6c/0x98
[...]
(b15_flush_kern_dcache_area) from (__sync_icache_dcache+0x6c/0x98)
(__sync_icache_dcache) from (set_pte_at+0x28/0x54)
(set_pte_at) from (remap_pfn_range+0x1a0/0x274)
(remap_pfn_range) from (uio_mmap+0x184/0x1b8 [uio])
(uio_mmap [uio]) from (__mmap_region+0x264/0x5f4)
(__mmap_region) from (__do_mmap_mm+0x3ec/0x440)
(__do_mmap_mm) from (do_mmap+0x50/0x58)
(do_mmap) from (vm_mmap_pgoff+0xfc/0x188)
(vm_mmap_pgoff) from (ksys_mmap_pgoff+0xac/0xc4)
(ksys_mmap_pgoff) from (ret_fast_syscall+0x0/0x5c)
Code: e0801001 e2423001 e1c00003 f57ff04f (ee070f3e)
---[ end trace 09cf0734c3805d52 ]---
Kernel panic - not syncing: Fatal exception

So check if PG_reserved was set to solve this issue.

[1]: https://lore.kernel.org/lkml/Zbtdue57RO0QScJM@linux.ibm.com/
History

Thu, 26 Sep 2024 23:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-439

Tue, 24 Sep 2024 11:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat enterprise Linux
CPEs cpe:/a:redhat:enterprise_linux:9
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat enterprise Linux

Wed, 07 Aug 2024 22:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_eus:9.2

Wed, 07 Aug 2024 10:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat rhel Eus
CPEs cpe:/a:redhat:rhel_eus:9.2::nfv
Vendors & Products Redhat
Redhat rhel Eus

cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2025-05-04T12:55:15.719Z

Reserved: 2024-02-19T14:20:24.197Z

Link: CVE-2024-26947

cve-icon Vulnrichment

Updated: 2024-08-02T00:21:05.505Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-05-01T06:15:10.607

Modified: 2024-11-21T09:03:27.780

Link: CVE-2024-26947

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-05-01T00:00:00Z

Links: CVE-2024-26947 - Bugzilla

cve-icon OpenCVE Enrichment

No data.