{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-57884", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-01-11T14:45:42.024Z", "datePublished": "2025-01-15T13:05:37.152Z", "dateUpdated": "2025-11-03T20:54:54.121Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T10:05:50.618Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim()\n\nThe task sometimes continues looping in throttle_direct_reclaim() because\nallow_direct_reclaim(pgdat) keeps returning false. \n\n #0 [ffff80002cb6f8d0] __switch_to at ffff8000080095ac\n #1 [ffff80002cb6f900] __schedule at ffff800008abbd1c\n #2 [ffff80002cb6f990] schedule at ffff800008abc50c\n #3 [ffff80002cb6f9b0] throttle_direct_reclaim at ffff800008273550\n #4 [ffff80002cb6fa20] try_to_free_pages at ffff800008277b68\n #5 [ffff80002cb6fae0] __alloc_pages_nodemask at ffff8000082c4660\n #6 [ffff80002cb6fc50] alloc_pages_vma at ffff8000082e4a98\n #7 [ffff80002cb6fca0] do_anonymous_page at ffff80000829f5a8\n #8 [ffff80002cb6fce0] __handle_mm_fault at ffff8000082a5974\n #9 [ffff80002cb6fd90] handle_mm_fault at ffff8000082a5bd4\n\nAt this point, the pgdat contains the following two zones:\n\n NODE: 4 ZONE: 0 ADDR: ffff00817fffe540 NAME: \"DMA32\"\n SIZE: 20480 MIN/LOW/HIGH: 11/28/45\n VM_STAT:\n NR_FREE_PAGES: 359\n NR_ZONE_INACTIVE_ANON: 18813\n NR_ZONE_ACTIVE_ANON: 0\n NR_ZONE_INACTIVE_FILE: 50\n NR_ZONE_ACTIVE_FILE: 0\n NR_ZONE_UNEVICTABLE: 0\n NR_ZONE_WRITE_PENDING: 0\n NR_MLOCK: 0\n NR_BOUNCE: 0\n NR_ZSPAGES: 0\n NR_FREE_CMA_PAGES: 0\n\n NODE: 4 ZONE: 1 ADDR: ffff00817fffec00 NAME: \"Normal\"\n SIZE: 8454144 PRESENT: 98304 MIN/LOW/HIGH: 68/166/264\n VM_STAT:\n NR_FREE_PAGES: 146\n NR_ZONE_INACTIVE_ANON: 94668\n NR_ZONE_ACTIVE_ANON: 3\n NR_ZONE_INACTIVE_FILE: 735\n NR_ZONE_ACTIVE_FILE: 78\n NR_ZONE_UNEVICTABLE: 0\n NR_ZONE_WRITE_PENDING: 0\n NR_MLOCK: 0\n NR_BOUNCE: 0\n NR_ZSPAGES: 0\n NR_FREE_CMA_PAGES: 0\n\nIn allow_direct_reclaim(), while processing ZONE_DMA32, the sum of\ninactive/active file-backed pages calculated in zone_reclaimable_pages()\nbased on the result of zone_page_state_snapshot() is zero. \n\nAdditionally, since this system lacks swap, the calculation of inactive/\nactive anonymous pages is skipped.\n\n crash> p nr_swap_pages\n nr_swap_pages = $1937 = {\n counter = 0\n }\n\nAs a result, ZONE_DMA32 is deemed unreclaimable and skipped, moving on to\nthe processing of the next zone, ZONE_NORMAL, despite ZONE_DMA32 having\nfree pages significantly exceeding the high watermark.\n\nThe problem is that the pgdat->kswapd_failures hasn't been incremented.\n\n crash> px ((struct pglist_data *) 0xffff00817fffe540)->kswapd_failures\n $1935 = 0x0\n\nThis is because the node deemed balanced. The node balancing logic in\nbalance_pgdat() evaluates all zones collectively. If one or more zones\n(e.g., ZONE_DMA32) have enough free pages to meet their watermarks, the\nentire node is deemed balanced. This causes balance_pgdat() to exit early\nbefore incrementing the kswapd_failures, as it considers the overall\nmemory state acceptable, even though some zones (like ZONE_NORMAL) remain\nunder significant pressure.\n\n\nThe patch ensures that zone_reclaimable_pages() includes free pages\n(NR_FREE_PAGES) in its calculation when no other reclaimable pages are\navailable (e.g., file-backed or anonymous pages). This change prevents\nzones like ZONE_DMA32, which have sufficient free pages, from being\nmistakenly deemed unreclaimable. By doing so, the patch ensures proper\nnode balancing, avoids masking pressure on other zones like ZONE_NORMAL,\nand prevents infinite loops in throttle_direct_reclaim() caused by\nallow_direct_reclaim(pgdat) repeatedly returning false.\n\n\nThe kernel hangs due to a task stuck in throttle_direct_reclaim(), caused\nby a node being incorrectly deemed balanced despite pressure in certain\nzones, such as ZONE_NORMAL. This issue arises from\nzone_reclaimable_pages\n---truncated---"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["mm/vmscan.c"], "versions": [{"version": "5a1c84b404a7176b8b36e2a0041b6f0adb3151a3", "lessThan": "66cd37660ec34ec444fe42f2277330ae4a36bb19", "status": "affected", "versionType": "git"}, {"version": "5a1c84b404a7176b8b36e2a0041b6f0adb3151a3", "lessThan": "d675fefbaec3815b3ae0af1bebd97f27df3a05c8", "status": "affected", "versionType": "git"}, {"version": "5a1c84b404a7176b8b36e2a0041b6f0adb3151a3", "lessThan": "63eac98d6f0898229f515cb62fe4e4db2430e99c", "status": "affected", "versionType": "git"}, {"version": "5a1c84b404a7176b8b36e2a0041b6f0adb3151a3", "lessThan": "bfb701192129803191c9cd6cdd1f82cd07f8de2c", "status": "affected", "versionType": "git"}, {"version": "5a1c84b404a7176b8b36e2a0041b6f0adb3151a3", "lessThan": "1ff2302e8aeac7f2eedb551d7a89617283b5c6b2", "status": "affected", "versionType": "git"}, {"version": "5a1c84b404a7176b8b36e2a0041b6f0adb3151a3", "lessThan": "58d0d02dbc67438fc80223fdd7bbc49cf0733284", "status": "affected", "versionType": "git"}, {"version": "5a1c84b404a7176b8b36e2a0041b6f0adb3151a3", "lessThan": "6aaced5abd32e2a57cd94fd64f824514d0361da8", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["mm/vmscan.c"], "versions": [{"version": "4.8", "status": "affected"}, {"version": "0", "lessThan": "4.8", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.289", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.233", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.176", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.124", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.70", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.9", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.13", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.8", "versionEndExcluding": "5.4.289"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.8", "versionEndExcluding": "5.10.233"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.8", "versionEndExcluding": "5.15.176"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.8", "versionEndExcluding": "6.1.124"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.8", "versionEndExcluding": "6.6.70"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.8", "versionEndExcluding": "6.12.9"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.8", "versionEndExcluding": "6.13"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/66cd37660ec34ec444fe42f2277330ae4a36bb19"}, {"url": "https://git.kernel.org/stable/c/d675fefbaec3815b3ae0af1bebd97f27df3a05c8"}, {"url": "https://git.kernel.org/stable/c/63eac98d6f0898229f515cb62fe4e4db2430e99c"}, {"url": "https://git.kernel.org/stable/c/bfb701192129803191c9cd6cdd1f82cd07f8de2c"}, {"url": "https://git.kernel.org/stable/c/1ff2302e8aeac7f2eedb551d7a89617283b5c6b2"}, {"url": "https://git.kernel.org/stable/c/58d0d02dbc67438fc80223fdd7bbc49cf0733284"}, {"url": "https://git.kernel.org/stable/c/6aaced5abd32e2a57cd94fd64f824514d0361da8"}], "title": "mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim()", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T20:54:54.121Z"}}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AFEE1CE8-F8D1-4B61-A4A1-164EE28392E6", "versionEndExcluding": "5.4.289", "versionStartIncluding": "4.8", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "44569A17-FE4C-4BE3-9C0C-74AC54C7B51B", "versionEndExcluding": "5.10.233", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DDBD8FC6-2357-4347-BFA1-B4A4A3039F35", "versionEndExcluding": "5.15.176", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1B69CE1B-5219-42EB-B7DD-7E7D7F1DB032", "versionEndExcluding": "6.1.124", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "51E6CFF2-92AA-4936-95AB-2D068168A696", "versionEndExcluding": "6.6.70", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1D13AF97-FFED-4B68-906D-CFE38D0B88DD", "versionEndExcluding": "6.12.9", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*", "matchCriteriaId": "62567B3C-6CEE-46D0-BC2E-B3717FBF7D13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:*", "matchCriteriaId": "5A073481-106D-4B15-B4C7-FB0213B8E1D4", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc3:*:*:*:*:*:*", "matchCriteriaId": "DE491969-75AE-4A6B-9A58-8FC5AF98798F", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc4:*:*:*:*:*:*", "matchCriteriaId": "93C0660D-7FB8-4FBA-892A-B064BA71E49E", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc5:*:*:*:*:*:*", "matchCriteriaId": "034C36A6-C481-41F3-AE9A-D116E5BE6895", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim()\n\nThe task sometimes continues looping in throttle_direct_reclaim() because\nallow_direct_reclaim(pgdat) keeps returning false. \n\n #0 [ffff80002cb6f8d0] __switch_to at ffff8000080095ac\n #1 [ffff80002cb6f900] __schedule at ffff800008abbd1c\n #2 [ffff80002cb6f990] schedule at ffff800008abc50c\n #3 [ffff80002cb6f9b0] throttle_direct_reclaim at ffff800008273550\n #4 [ffff80002cb6fa20] try_to_free_pages at ffff800008277b68\n #5 [ffff80002cb6fae0] __alloc_pages_nodemask at ffff8000082c4660\n #6 [ffff80002cb6fc50] alloc_pages_vma at ffff8000082e4a98\n #7 [ffff80002cb6fca0] do_anonymous_page at ffff80000829f5a8\n #8 [ffff80002cb6fce0] __handle_mm_fault at ffff8000082a5974\n #9 [ffff80002cb6fd90] handle_mm_fault at ffff8000082a5bd4\n\nAt this point, the pgdat contains the following two zones:\n\n NODE: 4 ZONE: 0 ADDR: ffff00817fffe540 NAME: \"DMA32\"\n SIZE: 20480 MIN/LOW/HIGH: 11/28/45\n VM_STAT:\n NR_FREE_PAGES: 359\n NR_ZONE_INACTIVE_ANON: 18813\n NR_ZONE_ACTIVE_ANON: 0\n NR_ZONE_INACTIVE_FILE: 50\n NR_ZONE_ACTIVE_FILE: 0\n NR_ZONE_UNEVICTABLE: 0\n NR_ZONE_WRITE_PENDING: 0\n NR_MLOCK: 0\n NR_BOUNCE: 0\n NR_ZSPAGES: 0\n NR_FREE_CMA_PAGES: 0\n\n NODE: 4 ZONE: 1 ADDR: ffff00817fffec00 NAME: \"Normal\"\n SIZE: 8454144 PRESENT: 98304 MIN/LOW/HIGH: 68/166/264\n VM_STAT:\n NR_FREE_PAGES: 146\n NR_ZONE_INACTIVE_ANON: 94668\n NR_ZONE_ACTIVE_ANON: 3\n NR_ZONE_INACTIVE_FILE: 735\n NR_ZONE_ACTIVE_FILE: 78\n NR_ZONE_UNEVICTABLE: 0\n NR_ZONE_WRITE_PENDING: 0\n NR_MLOCK: 0\n NR_BOUNCE: 0\n NR_ZSPAGES: 0\n NR_FREE_CMA_PAGES: 0\n\nIn allow_direct_reclaim(), while processing ZONE_DMA32, the sum of\ninactive/active file-backed pages calculated in zone_reclaimable_pages()\nbased on the result of zone_page_state_snapshot() is zero. \n\nAdditionally, since this system lacks swap, the calculation of inactive/\nactive anonymous pages is skipped.\n\n crash> p nr_swap_pages\n nr_swap_pages = $1937 = {\n counter = 0\n }\n\nAs a result, ZONE_DMA32 is deemed unreclaimable and skipped, moving on to\nthe processing of the next zone, ZONE_NORMAL, despite ZONE_DMA32 having\nfree pages significantly exceeding the high watermark.\n\nThe problem is that the pgdat->kswapd_failures hasn't been incremented.\n\n crash> px ((struct pglist_data *) 0xffff00817fffe540)->kswapd_failures\n $1935 = 0x0\n\nThis is because the node deemed balanced. The node balancing logic in\nbalance_pgdat() evaluates all zones collectively. If one or more zones\n(e.g., ZONE_DMA32) have enough free pages to meet their watermarks, the\nentire node is deemed balanced. This causes balance_pgdat() to exit early\nbefore incrementing the kswapd_failures, as it considers the overall\nmemory state acceptable, even though some zones (like ZONE_NORMAL) remain\nunder significant pressure.\n\n\nThe patch ensures that zone_reclaimable_pages() includes free pages\n(NR_FREE_PAGES) in its calculation when no other reclaimable pages are\navailable (e.g., file-backed or anonymous pages). This change prevents\nzones like ZONE_DMA32, which have sufficient free pages, from being\nmistakenly deemed unreclaimable. By doing so, the patch ensures proper\nnode balancing, avoids masking pressure on other zones like ZONE_NORMAL,\nand prevents infinite loops in throttle_direct_reclaim() caused by\nallow_direct_reclaim(pgdat) repeatedly returning false.\n\n\nThe kernel hangs due to a task stuck in throttle_direct_reclaim(), caused\nby a node being incorrectly deemed balanced despite pressure in certain\nzones, such as ZONE_NORMAL. This issue arises from\nzone_reclaimable_pages\n---truncated---"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mm: vmscan: tiene en cuenta las p\u00e1ginas libres para evitar un bucle infinito en throttle_direct_reclaim() La tarea a veces contin\u00faa en bucle en throttle_direct_reclaim() porque allow_direct_reclaim(pgdat) sigue devolviendo falso. #0 [ffff80002cb6f8d0] __switch_to en ffff8000080095ac #1 [ffff80002cb6f900] __schedule en ffff800008abbd1c #2 [ffff80002cb6f990] schedule en ffff800008abc50c #3 [ffff80002cb6f9b0] throttle_direct_reclaim en ffff800008273550 #4 [ffff80002cb6fa20] try_to_free_pages en ffff800008277b68 #5 [ffff80002cb6fae0] __alloc_pages_nodemask en ffff8000082c4660 #6 [ffff80002cb6fc50] alloc_pages_vma en ffff8000082e4a98 #7 [ffff80002cb6fca0] do_anonymous_page en ffff80000829f5a8 #8 [ffff80002cb6fce0] __handle_mm_fault en ffff8000082a5974 #9 [ffff80002cb6fd90] handle_mm_fault en ffff8000082a5bd4 En este punto, el pgdat contiene las siguientes dos zonas: NODO: 4 ZONA: 0 DIRECCI\u00d3N: ffff00817fffe540 NOMBRE: \"DMA32\" TAMA\u00d1O: 20480 M\u00cdN./BAJO/ALTO: 11/28/45 ESTAD\u00cdSTICA DE VM: NR_P\u00c1GINAS_LIBRES: 359 NR_ZONA_INACTIVA_ANON: 18813 NR_ZONA_ACTIVA_ANON: 0 NR_ZONA_ARCHIVO_INACTIVO: 50 NR_ZONA_ARCHIVO_ACTIVO: 0 NR_ZONA_UNEVICTABLE: 0 NR_ZONA_ESCRITURA_PENDIENTE: 0 NR_MLOCK: 0 NR_BOUNCE: 0 NR_ZSPAGES: 0 NR_P\u00c1GINAS_CMA_LIBRES: 0 NODO: 4 ZONA: 1 DIRECCI\u00d3N: ffff00817fffec00 NOMBRE: \"Normal\" TAMA\u00d1O: 8454144 PRESENTE: 98304 M\u00cdN./BAJO/ALTO: 68/166/264 ESTAD\u00cdSTICO_VM: NR_P\u00c1GINAS_LIBRES: 146 NR_ZONE_INACTIVE_ANON: 94668 NR_ZONE_ACTIVE_ANON: 3 NR_ZONE_INACTIVE_FILE: 735 NR_ZONE_ACTIVE_FILE: 78 NR_ZONE_UNEVICTABLE: 0 NR_ZONE_WRITE_PENDING: 0 NR_MLOCK: 0 NR_BOUNCE: 0 NR_ZSPAGES: 0 NR_FREE_CMA_PAGES: 0 En allow_direct_reclaim(), mientras se procesa ZONE_DMA32, la suma de p\u00e1ginas inactivas/activas respaldadas por archivos calculada en zone_reclaimable_pages() en funci\u00f3n del resultado de zone_page_state_snapshot() es cero. Adem\u00e1s, dado que este sistema carece de intercambio, se omite el c\u00e1lculo de p\u00e1ginas an\u00f3nimas inactivas/activas. crash> p nr_swap_pages nr_swap_pages = $1937 = { counter = 0 } Como resultado, ZONE_DMA32 se considera irrecuperable y se omite, pasando al procesamiento de la siguiente zona, ZONE_NORMAL, a pesar de que ZONE_DMA32 tiene p\u00e1ginas libres que exceden significativamente la marca de agua alta. El problema es que pgdat->kswapd_failures no se ha incrementado. crash> px ((struct pglist_data *) 0xffff00817fffe540)->kswapd_failures $1935 = 0x0 Esto se debe a que el nodo se considera equilibrado. La l\u00f3gica de equilibrio de nodos en balance_pgdat() eval\u00faa todas las zonas colectivamente. Si una o m\u00e1s zonas (por ejemplo, ZONE_DMA32) tienen suficientes p\u00e1ginas libres para cumplir con sus marcas de agua, todo el nodo se considera equilibrado. Esto hace que balance_pgdat() salga antes de incrementar kswapd_failures, ya que considera que el estado general de la memoria es aceptable, aunque algunas zonas (como ZONE_NORMAL) permanezcan bajo una presi\u00f3n significativa. El parche garantiza que zone_reclaimable_pages() incluya p\u00e1ginas libres (NR_FREE_PAGES) en su c\u00e1lculo cuando no haya otras p\u00e1ginas recuperables disponibles (por ejemplo, p\u00e1ginas an\u00f3nimas o respaldadas por archivos). Este cambio evita que zonas como ZONE_DMA32, que tienen suficientes p\u00e1ginas libres, se consideren por error no recuperables. Al hacerlo, el parche garantiza un equilibrio adecuado de los nodos, evita enmascarar la presi\u00f3n en otras zonas como ZONE_NORMAL y evita bucles infinitos en throttle_direct_reclaim() causados por allow_direct_reclaim(pgdat) que devuelve falso repetidamente. El n\u00facleo se cuelga debido a una tarea atascada en throttle_direct_reclaim(), causada por un nodo que se considera incorrectamente equilibrado a pesar de la presi\u00f3n en ciertas zonas, como ZONE_NORMAL. Este problema surge de zone_reclaimable_pages ---truncado---"}], "id": "CVE-2024-57884", "lastModified": "2025-11-03T21:18:37.380", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-01-15T13:15:12.757", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1ff2302e8aeac7f2eedb551d7a89617283b5c6b2"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/58d0d02dbc67438fc80223fdd7bbc49cf0733284"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/63eac98d6f0898229f515cb62fe4e4db2430e99c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/66cd37660ec34ec444fe42f2277330ae4a36bb19"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6aaced5abd32e2a57cd94fd64f824514d0361da8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/bfb701192129803191c9cd6cdd1f82cd07f8de2c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d675fefbaec3815b3ae0af1bebd97f27df3a05c8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-835"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2025:6966", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-570.12.1.el9_6", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-05-13T00:00:00Z"}, {"advisory": "RHSA-2025:6966", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-570.12.1.el9_6", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-05-13T00:00:00Z"}], "bugzilla": {"description": "kernel: mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim()", "id": "2338199", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2338199"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-835", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nmm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim()\nThe task sometimes continues looping in throttle_direct_reclaim() because\nallow_direct_reclaim(pgdat) keeps returning false. \n#0 [ffff80002cb6f8d0] __switch_to at ffff8000080095ac\n#1 [ffff80002cb6f900] __schedule at ffff800008abbd1c\n#2 [ffff80002cb6f990] schedule at ffff800008abc50c\n#3 [ffff80002cb6f9b0] throttle_direct_reclaim at ffff800008273550\n#4 [ffff80002cb6fa20] try_to_free_pages at ffff800008277b68\n#5 [ffff80002cb6fae0] __alloc_pages_nodemask at ffff8000082c4660\n#6 [ffff80002cb6fc50] alloc_pages_vma at ffff8000082e4a98\n#7 [ffff80002cb6fca0] do_anonymous_page at ffff80000829f5a8\n#8 [ffff80002cb6fce0] __handle_mm_fault at ffff8000082a5974\n#9 [ffff80002cb6fd90] handle_mm_fault at ffff8000082a5bd4\nAt this point, the pgdat contains the following two zones:\nNODE: 4 ZONE: 0 ADDR: ffff00817fffe540 NAME: \"DMA32\"\nSIZE: 20480 MIN/LOW/HIGH: 11/28/45\nVM_STAT:\nNR_FREE_PAGES: 359\nNR_ZONE_INACTIVE_ANON: 18813\nNR_ZONE_ACTIVE_ANON: 0\nNR_ZONE_INACTIVE_FILE: 50\nNR_ZONE_ACTIVE_FILE: 0\nNR_ZONE_UNEVICTABLE: 0\nNR_ZONE_WRITE_PENDING: 0\nNR_MLOCK: 0\nNR_BOUNCE: 0\nNR_ZSPAGES: 0\nNR_FREE_CMA_PAGES: 0\nNODE: 4 ZONE: 1 ADDR: ffff00817fffec00 NAME: \"Normal\"\nSIZE: 8454144 PRESENT: 98304 MIN/LOW/HIGH: 68/166/264\nVM_STAT:\nNR_FREE_PAGES: 146\nNR_ZONE_INACTIVE_ANON: 94668\nNR_ZONE_ACTIVE_ANON: 3\nNR_ZONE_INACTIVE_FILE: 735\nNR_ZONE_ACTIVE_FILE: 78\nNR_ZONE_UNEVICTABLE: 0\nNR_ZONE_WRITE_PENDING: 0\nNR_MLOCK: 0\nNR_BOUNCE: 0\nNR_ZSPAGES: 0\nNR_FREE_CMA_PAGES: 0\nIn allow_direct_reclaim(), while processing ZONE_DMA32, the sum of\ninactive/active file-backed pages calculated in zone_reclaimable_pages()\nbased on the result of zone_page_state_snapshot() is zero. \nAdditionally, since this system lacks swap, the calculation of inactive/\nactive anonymous pages is skipped.\ncrash> p nr_swap_pages\nnr_swap_pages = $1937 = {\ncounter = 0\n}\nAs a result, ZONE_DMA32 is deemed unreclaimable and skipped, moving on to\nthe processing of the next zone, ZONE_NORMAL, despite ZONE_DMA32 having\nfree pages significantly exceeding the high watermark.\nThe problem is that the pgdat->kswapd_failures hasn't been incremented.\ncrash> px ((struct pglist_data *) 0xffff00817fffe540)->kswapd_failures\n$1935 = 0x0\nThis is because the node deemed balanced. The node balancing logic in\nbalance_pgdat() evaluates all zones collectively. If one or more zones\n(e.g., ZONE_DMA32) have enough free pages to meet their watermarks, the\nentire node is deemed balanced. This causes balance_pgdat() to exit early\nbefore incrementing the kswapd_failures, as it considers the overall\nmemory state acceptable, even though some zones (like ZONE_NORMAL) remain\nunder significant pressure.\nThe patch ensures that zone_reclaimable_pages() includes free pages\n(NR_FREE_PAGES) in its calculation when no other reclaimable pages are\navailable (e.g., file-backed or anonymous pages). This change prevents\nzones like ZONE_DMA32, which have sufficient free pages, from being\nmistakenly deemed unreclaimable. By doing so, the patch ensures proper\nnode balancing, avoids masking pressure on other zones like ZONE_NORMAL,\nand prevents infinite loops in throttle_direct_reclaim() caused by\nallow_direct_reclaim(pgdat) repeatedly returning false.\nThe kernel hangs due to a task stuck in throttle_direct_reclaim(), caused\nby a node being incorrectly deemed balanced despite pressure in certain\nzones, such as ZONE_NORMAL. This issue arises from\nzone_reclaimable_pages\n---truncated---"], "name": "CVE-2024-57884", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-01-15T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-57884\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-57884\nhttps://lore.kernel.org/linux-cve-announce/2025011510-CVE-2024-57884-4cf8@gregkh/T"], "threat_severity": "Moderate"}

{}