{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-50017", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-10-21T12:17:06.063Z", "datePublished": "2024-10-21T18:54:07.811Z", "dateUpdated": "2024-11-05T09:53:33.677Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:53:33.677Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mm/ident_map: Use gbpages only where full GB page should be mapped.\n\nWhen ident_pud_init() uses only GB pages to create identity maps, large\nranges of addresses not actually requested can be included in the resulting\ntable; a 4K request will map a full GB. This can include a lot of extra\naddress space past that requested, including areas marked reserved by the\nBIOS. That allows processor speculation into reserved regions, that on UV\nsystems can cause system halts.\n\nOnly use GB pages when map creation requests include the full GB page of\nspace. Fall back to using smaller 2M pages when only portions of a GB page\nare included in the request.\n\nNo attempt is made to coalesce mapping requests. If a request requires a\nmap entry at the 2M (pmd) level, subsequent mapping requests within the\nsame 1G region will also be at the pmd level, even if adjacent or\noverlapping such requests could have been combined to map a full GB page.\nExisting usage starts with larger regions and then adds smaller regions, so\nthis should not have any great consequence."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/x86/mm/ident_map.c"], "versions": [{"version": "1da177e4c3f4", "lessThan": "d80a99892f7a", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "a23823098ab2", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "cc31744a2945", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/x86/mm/ident_map.c"], "versions": [{"version": "6.10.14", "lessThanOrEqual": "6.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.11.3", "lessThanOrEqual": "6.11.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12-rc1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/d80a99892f7a992d103138fa4636b2c33abd6740"}, {"url": "https://git.kernel.org/stable/c/a23823098ab2c277c14fc110b97d8d5c83597195"}, {"url": "https://git.kernel.org/stable/c/cc31744a294584a36bf764a0ffa3255a8e69f036"}], "title": "x86/mm/ident_map: Use gbpages only where full GB page should be mapped.", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-50017", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-22T13:27:53.496416Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-22T13:28:47.817Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-50017", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-22T13:27:53.496416Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-22T13:27:56.614Z"}}], "cna": {"title": "x86/mm/ident_map: Use gbpages only where full GB page should be mapped.", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1da177e4c3f4", "lessThan": "d80a99892f7a", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "a23823098ab2", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "cc31744a2945", "versionType": "git"}], "programFiles": ["arch/x86/mm/ident_map.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "unaffected", "version": "6.10.14", "versionType": "semver", "lessThanOrEqual": "6.10.*"}, {"status": "unaffected", "version": "6.11.3", "versionType": "semver", "lessThanOrEqual": "6.11.*"}, {"status": "unaffected", "version": "6.12-rc1", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["arch/x86/mm/ident_map.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/d80a99892f7a992d103138fa4636b2c33abd6740"}, {"url": "https://git.kernel.org/stable/c/a23823098ab2c277c14fc110b97d8d5c83597195"}, {"url": "https://git.kernel.org/stable/c/cc31744a294584a36bf764a0ffa3255a8e69f036"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mm/ident_map: Use gbpages only where full GB page should be mapped.\n\nWhen ident_pud_init() uses only GB pages to create identity maps, large\nranges of addresses not actually requested can be included in the resulting\ntable; a 4K request will map a full GB. This can include a lot of extra\naddress space past that requested, including areas marked reserved by the\nBIOS. That allows processor speculation into reserved regions, that on UV\nsystems can cause system halts.\n\nOnly use GB pages when map creation requests include the full GB page of\nspace. Fall back to using smaller 2M pages when only portions of a GB page\nare included in the request.\n\nNo attempt is made to coalesce mapping requests. If a request requires a\nmap entry at the 2M (pmd) level, subsequent mapping requests within the\nsame 1G region will also be at the pmd level, even if adjacent or\noverlapping such requests could have been combined to map a full GB page.\nExisting usage starts with larger regions and then adds smaller regions, so\nthis should not have any great consequence."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:53:33.677Z"}}}, "cveMetadata": {"cveId": "CVE-2024-50017", "state": "PUBLISHED", "dateUpdated": "2024-11-05T09:53:33.677Z", "dateReserved": "2024-10-21T12:17:06.063Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-10-21T18:54:07.811Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "652638C5-5F25-4DF3-AD42-DD3252A97152", "versionEndExcluding": "6.10.14", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "54D9C704-D679-41A7-9C40-10A6B1E7FFE9", "versionEndExcluding": "6.11.3", "versionStartIncluding": "6.11", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mm/ident_map: Use gbpages only where full GB page should be mapped.\n\nWhen ident_pud_init() uses only GB pages to create identity maps, large\nranges of addresses not actually requested can be included in the resulting\ntable; a 4K request will map a full GB. This can include a lot of extra\naddress space past that requested, including areas marked reserved by the\nBIOS. That allows processor speculation into reserved regions, that on UV\nsystems can cause system halts.\n\nOnly use GB pages when map creation requests include the full GB page of\nspace. Fall back to using smaller 2M pages when only portions of a GB page\nare included in the request.\n\nNo attempt is made to coalesce mapping requests. If a request requires a\nmap entry at the 2M (pmd) level, subsequent mapping requests within the\nsame 1G region will also be at the pmd level, even if adjacent or\noverlapping such requests could have been combined to map a full GB page.\nExisting usage starts with larger regions and then adds smaller regions, so\nthis should not have any great consequence."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: x86/mm/ident_map: Utilizar gbpages solo cuando se deba mapear una p\u00e1gina GB completa. Cuando ident_pud_init() utiliza solo p\u00e1ginas GB para crear mapas de identidad, se pueden incluir en la tabla resultante grandes rangos de direcciones que no se solicitaron realmente; una solicitud de 4K mapear\u00e1 un GB completo. Esto puede incluir una gran cantidad de espacio de direcciones adicional m\u00e1s all\u00e1 del solicitado, incluidas las \u00e1reas marcadas como reservadas por el BIOS. Eso permite la especulaci\u00f3n del procesador en regiones reservadas, que en sistemas UV puede causar paradas del sistema. Utilice solo p\u00e1ginas GB cuando las solicitudes de creaci\u00f3n de mapas incluyan la p\u00e1gina GB completa de espacio. Vuelva a utilizar p\u00e1ginas m\u00e1s peque\u00f1as de 2M cuando solo se incluyan partes de una p\u00e1gina GB en la solicitud. No se intenta fusionar las solicitudes de mapeo. Si una solicitud requiere una entrada de mapa en el nivel 2M (pmd), las solicitudes de mapeo posteriores dentro de la misma regi\u00f3n 1G tambi\u00e9n estar\u00e1n en el nivel pmd, incluso si dichas solicitudes adyacentes o superpuestas podr\u00edan haberse combinado para mapear una p\u00e1gina GB completa. El uso actual comienza con regiones m\u00e1s grandes y luego agrega regiones m\u00e1s peque\u00f1as, por lo que esto no deber\u00eda tener grandes consecuencias."}], "id": "CVE-2024-50017", "lastModified": "2024-10-25T20:15:50.067", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-10-21T19:15:05.043", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a23823098ab2c277c14fc110b97d8d5c83597195"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/cc31744a294584a36bf764a0ffa3255a8e69f036"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d80a99892f7a992d103138fa4636b2c33abd6740"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: x86/mm/ident_map: Use gbpages only where full GB page should be mapped.", "id": "2320477", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320477"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nx86/mm/ident_map: Use gbpages only where full GB page should be mapped.\nWhen ident_pud_init() uses only GB pages to create identity maps, large\nranges of addresses not actually requested can be included in the resulting\ntable; a 4K request will map a full GB. This can include a lot of extra\naddress space past that requested, including areas marked reserved by the\nBIOS. That allows processor speculation into reserved regions, that on UV\nsystems can cause system halts.\nOnly use GB pages when map creation requests include the full GB page of\nspace. Fall back to using smaller 2M pages when only portions of a GB page\nare included in the request.\nNo attempt is made to coalesce mapping requests. If a request requires a\nmap entry at the 2M (pmd) level, subsequent mapping requests within the\nsame 1G region will also be at the pmd level, even if adjacent or\noverlapping such requests could have been combined to map a full GB page.\nExisting usage starts with larger regions and then adds smaller regions, so\nthis should not have any great consequence."], "name": "CVE-2024-50017", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-10-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-50017\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-50017\nhttps://lore.kernel.org/linux-cve-announce/2024102110-CVE-2024-50017-f157@gregkh/T"], "threat_severity": "Moderate"}