{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-35987", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-17T13:50:33.145Z", "datePublished": "2024-05-20T09:47:53.717Z", "dateUpdated": "2024-12-19T08:59:41.426Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T08:59:41.426Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: Fix loading 64-bit NOMMU kernels past the start of RAM\n\ncommit 3335068f8721 (\"riscv: Use PUD/P4D/PGD pages for the linear\nmapping\") added logic to allow using RAM below the kernel load address.\nHowever, this does not work for NOMMU, where PAGE_OFFSET is fixed to the\nkernel load address. Since that range of memory corresponds to PFNs\nbelow ARCH_PFN_OFFSET, mm initialization runs off the beginning of\nmem_map and corrupts adjacent kernel memory. Fix this by restoring the\nprevious behavior for NOMMU kernels."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/riscv/include/asm/page.h", "arch/riscv/mm/init.c"], "versions": [{"version": "3335068f87217ea59d08f462187dc856652eea15", "lessThan": "b008e327fa570aca210f98c817757649bae56694", "status": "affected", "versionType": "git"}, {"version": "3335068f87217ea59d08f462187dc856652eea15", "lessThan": "ea6628e4e2353978af7e3b4ad4fdaab6149acf3d", "status": "affected", "versionType": "git"}, {"version": "3335068f87217ea59d08f462187dc856652eea15", "lessThan": "aea702dde7e9876fb00571a2602f25130847bf0f", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/riscv/include/asm/page.h", "arch/riscv/mm/init.c"], "versions": [{"version": "6.4", "status": "affected"}, {"version": "0", "lessThan": "6.4", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.30", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8.9", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/b008e327fa570aca210f98c817757649bae56694"}, {"url": "https://git.kernel.org/stable/c/ea6628e4e2353978af7e3b4ad4fdaab6149acf3d"}, {"url": "https://git.kernel.org/stable/c/aea702dde7e9876fb00571a2602f25130847bf0f"}], "title": "riscv: Fix loading 64-bit NOMMU kernels past the start of RAM", "x_generator": {"engine": "bippy-5f407fcff5a0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-35987", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-21T15:11:39.923129Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:34:49.643Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:30:12.480Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/b008e327fa570aca210f98c817757649bae56694", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ea6628e4e2353978af7e3b4ad4fdaab6149acf3d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/aea702dde7e9876fb00571a2602f25130847bf0f", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/b008e327fa570aca210f98c817757649bae56694", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ea6628e4e2353978af7e3b4ad4fdaab6149acf3d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/aea702dde7e9876fb00571a2602f25130847bf0f", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:30:12.480Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-35987", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-21T15:11:39.923129Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:25.150Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "riscv: Fix loading 64-bit NOMMU kernels past the start of RAM", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "3335068f87217ea59d08f462187dc856652eea15", "lessThan": "b008e327fa570aca210f98c817757649bae56694", "versionType": "git"}, {"status": "affected", "version": "3335068f87217ea59d08f462187dc856652eea15", "lessThan": "ea6628e4e2353978af7e3b4ad4fdaab6149acf3d", "versionType": "git"}, {"status": "affected", "version": "3335068f87217ea59d08f462187dc856652eea15", "lessThan": "aea702dde7e9876fb00571a2602f25130847bf0f", "versionType": "git"}], "programFiles": ["arch/riscv/include/asm/page.h", "arch/riscv/mm/init.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.4"}, {"status": "unaffected", "version": "0", "lessThan": "6.4", "versionType": "semver"}, {"status": "unaffected", "version": "6.6.30", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.8.9", "versionType": "semver", "lessThanOrEqual": "6.8.*"}, {"status": "unaffected", "version": "6.9", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["arch/riscv/include/asm/page.h", "arch/riscv/mm/init.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/b008e327fa570aca210f98c817757649bae56694"}, {"url": "https://git.kernel.org/stable/c/ea6628e4e2353978af7e3b4ad4fdaab6149acf3d"}, {"url": "https://git.kernel.org/stable/c/aea702dde7e9876fb00571a2602f25130847bf0f"}], "x_generator": {"engine": "bippy-5f407fcff5a0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: Fix loading 64-bit NOMMU kernels past the start of RAM\n\ncommit 3335068f8721 (\"riscv: Use PUD/P4D/PGD pages for the linear\nmapping\") added logic to allow using RAM below the kernel load address.\nHowever, this does not work for NOMMU, where PAGE_OFFSET is fixed to the\nkernel load address. Since that range of memory corresponds to PFNs\nbelow ARCH_PFN_OFFSET, mm initialization runs off the beginning of\nmem_map and corrupts adjacent kernel memory. Fix this by restoring the\nprevious behavior for NOMMU kernels."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T08:59:41.426Z"}}}, "cveMetadata": {"cveId": "CVE-2024-35987", "state": "PUBLISHED", "dateUpdated": "2024-12-19T08:59:41.426Z", "dateReserved": "2024-05-17T13:50:33.145Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-20T09:47:53.717Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: Fix loading 64-bit NOMMU kernels past the start of RAM\n\ncommit 3335068f8721 (\"riscv: Use PUD/P4D/PGD pages for the linear\nmapping\") added logic to allow using RAM below the kernel load address.\nHowever, this does not work for NOMMU, where PAGE_OFFSET is fixed to the\nkernel load address. Since that range of memory corresponds to PFNs\nbelow ARCH_PFN_OFFSET, mm initialization runs off the beginning of\nmem_map and corrupts adjacent kernel memory. Fix this by restoring the\nprevious behavior for NOMMU kernels."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: riscv: se corrigi\u00f3 la carga de kernels NOMMU de 64 bits despu\u00e9s del inicio de la confirmaci\u00f3n de RAM. 3335068f8721 (\"riscv: use p\u00e1ginas PUD/P4D/PGD para el mapeo lineal\") se agreg\u00f3 l\u00f3gica para permitir el uso RAM debajo de la direcci\u00f3n de carga del kernel. Sin embargo, esto no funciona para NOMMU, donde PAGE_OFFSET est\u00e1 fijado a la direcci\u00f3n de carga del kernel. Dado que ese rango de memoria corresponde a los PFN por debajo de ARCH_PFN_OFFSET, la inicializaci\u00f3n de mm se ejecuta desde el principio de mem_map y corrompe la memoria del kernel adyacente. Solucione este problema restaurando el comportamiento anterior de los n\u00facleos NOMMU."}], "id": "CVE-2024-35987", "lastModified": "2024-11-21T09:21:22.200", "metrics": {}, "published": "2024-05-20T10:15:13.057", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/aea702dde7e9876fb00571a2602f25130847bf0f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b008e327fa570aca210f98c817757649bae56694"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/ea6628e4e2353978af7e3b4ad4fdaab6149acf3d"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/aea702dde7e9876fb00571a2602f25130847bf0f"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/b008e327fa570aca210f98c817757649bae56694"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/ea6628e4e2353978af7e3b4ad4fdaab6149acf3d"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: riscv: Fix loading 64-bit NOMMU kernels past the start of RAM", "id": "2281852", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281852"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nriscv: Fix loading 64-bit NOMMU kernels past the start of RAM\ncommit 3335068f8721 (\"riscv: Use PUD/P4D/PGD pages for the linear\nmapping\") added logic to allow using RAM below the kernel load address.\nHowever, this does not work for NOMMU, where PAGE_OFFSET is fixed to the\nkernel load address. Since that range of memory corresponds to PFNs\nbelow ARCH_PFN_OFFSET, mm initialization runs off the beginning of\nmem_map and corrupts adjacent kernel memory. Fix this by restoring the\nprevious behavior for NOMMU kernels.", "A vulnerability was found in the Linux kernel that affects 64-bit No Memory Management Unit (NOMMU) systems. The issue arose from a change that allowed using RAM below the kernel load address, which conflicts with the fixed `PAGE_OFFSET` in NOMMU systems. This leads to memory initialization errors and potential kernel memory corruption."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-35987", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-20T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-35987\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-35987\nhttps://lore.kernel.org/linux-cve-announce/2024052019-CVE-2024-35987-c5e7@gregkh/T"], "statement": "Red Hat Enterprise Linux is not vulnerable to this CVE, as it does not affect the versions or configurations of the Linux kernel used in its distributions.", "threat_severity": "Moderate", "upstream_fix": "kernel 6.6.30, kernel 6.8.9, kernel 6.9"}