CVE-2024-26783: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone index With numa balancing on, when a numa system is running where a numa node doesn't have its local memory so it has no managed zones, the following oops has been observed. It's because wakeup_kswapd() is called with a wrong zone index, -1. Fixed it by checking the index before calling wakeup_kswapd(). > BUG: unable to handle page fault for address: 00000000000033f3 > #PF: supervisor read access in kernel mode > #PF: error_code(0x0000) - not-present page > PGD 0 P4D 0 > Oops: 0000 [#1] PREEMPT SMP NOPTI > CPU: 2 PID: 895 Comm: masim Not tainted 6.6.0-dirty #255 > Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS > rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014 > RIP: 0010:wakeup_kswapd (./linux/mm/vmscan.c:7812) > Code: (omitted) > RSP: 0000:ffffc90004257d58 EFLAGS: 00010286 > RAX: ffffffffffffffff RBX: ffff88883fff0480 RCX: 0000000000000003 > RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88883fff0480 > RBP: ffffffffffffffff R08: ff0003ffffffffff R09: ffffffffffffffff > R10: ffff888106c95540 R11: 0000000055555554 R12: 0000000000000003 > R13: 0000000000000000 R14: 0000000000000000 R15: ffff88883fff0940 > FS: 00007fc4b8124740(0000) GS:ffff888827c00000(0000) knlGS:0000000000000000 > CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > CR2: 00000000000033f3 CR3: 000000026cc08004 CR4: 0000000000770ee0 > DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 > DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 > PKRU: 55555554 > Call Trace: > <TASK> > ? __die > ? page_fault_oops > ? __pte_offset_map_lock > ? exc_page_fault > ? asm_exc_page_fault > ? wakeup_kswapd > migrate_misplaced_page > __handle_mm_fault > handle_mm_fault > do_user_addr_fault > exc_page_fault > asm_exc_page_fault > RIP: 0033:0x55b897ba0808 > Code: (omitted) > RSP: 002b:00007ffeefa821a0 EFLAGS: 00010287 > RAX: 000055b89983acd0 RBX: 00007ffeefa823f8 RCX: 000055b89983acd0 > RDX: 00007fc2f8122010 RSI: 0000000000020000 RDI: 000055b89983acd0 > RBP: 00007ffeefa821a0 R08: 0000000000000037 R09: 0000000000000075 > R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 > R13: 00007ffeefa82410 R14: 000055b897ba5dd8 R15: 00007fc4b8340000 > </TASK>
AI Analysis
Technical Summary
CVE-2024-26783 is a vulnerability in the Linux kernel's memory management subsystem, specifically within the virtual memory scanning (vmscan) component responsible for managing memory pressure and reclaiming pages. The flaw arises when NUMA (Non-Uniform Memory Access) balancing is enabled on systems where a NUMA node lacks local memory and thus has no managed zones. In this scenario, the kernel incorrectly calls the wakeup_kswapd() function with an invalid zone index (-1). This improper call leads to a kernel oops, a type of kernel panic caused by an invalid memory access, resulting in a page fault in kernel mode. The bug manifests as a supervisor read access fault on a non-present page, causing instability and potential crashes of the affected Linux system. The root cause is the failure to validate the zone index before invoking wakeup_kswapd(), which is responsible for waking the kernel swap daemon to reclaim memory. The vulnerability has been fixed by adding a check on the zone index prior to the function call. The issue is relevant to Linux kernel versions prior to the fix and affects systems configured with NUMA balancing where certain NUMA nodes have no local memory zones. The vulnerability does not appear to have known exploits in the wild as of the publication date. However, the kernel panic and system instability it causes could be triggered by attackers or faulty workloads, leading to denial of service (DoS). The vulnerability is technical and specific to Linux kernel memory management on NUMA architectures, which are common in high-performance servers and virtualization hosts.
Potential Impact
For European organizations, the impact of CVE-2024-26783 primarily concerns availability and system stability. Organizations running Linux servers with NUMA-enabled hardware configurations—common in data centers, cloud providers, and enterprises using high-performance computing—may experience unexpected kernel crashes or system reboots if this vulnerability is triggered. This can disrupt critical services, leading to downtime and potential loss of productivity. Although the vulnerability does not directly expose confidentiality or integrity risks, the resulting denial of service could be exploited by attackers to degrade service availability or cause operational interruptions. This is particularly significant for sectors relying on Linux-based infrastructure for critical applications, such as finance, telecommunications, healthcare, and government services across Europe. Additionally, virtualized environments and cloud platforms using NUMA-aware Linux kernels could be affected, impacting multi-tenant services and hosted workloads. The lack of known exploits reduces immediate risk, but the potential for accidental triggering by workloads or malicious actors remains a concern. Organizations with strict uptime requirements and those operating NUMA-enabled Linux systems should prioritize addressing this vulnerability to maintain service reliability.
Mitigation Recommendations
To mitigate CVE-2024-26783, European organizations should: 1) Apply the official Linux kernel patches that fix the zone index validation in wakeup_kswapd() as soon as they become available from their Linux distribution vendors. 2) If immediate patching is not feasible, consider temporarily disabling NUMA balancing on affected systems to avoid triggering the bug, understanding this may impact performance. 3) Monitor kernel logs and system stability closely for signs of kernel oops or crashes related to memory management, especially on NUMA-enabled servers. 4) Test workloads in staging environments with NUMA configurations to detect potential triggering conditions before production deployment. 5) Coordinate with hardware and virtualization vendors to ensure compatibility and receive guidance on kernel updates. 6) Implement robust system monitoring and automated recovery mechanisms to minimize downtime in case of unexpected kernel failures. 7) Maintain up-to-date backups and disaster recovery plans to mitigate operational impact from potential service interruptions. These steps go beyond generic advice by focusing on NUMA-specific configurations and proactive monitoring tailored to the vulnerability's technical context.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain, Poland, Belgium
CVE-2024-26783: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone index With numa balancing on, when a numa system is running where a numa node doesn't have its local memory so it has no managed zones, the following oops has been observed. It's because wakeup_kswapd() is called with a wrong zone index, -1. Fixed it by checking the index before calling wakeup_kswapd(). > BUG: unable to handle page fault for address: 00000000000033f3 > #PF: supervisor read access in kernel mode > #PF: error_code(0x0000) - not-present page > PGD 0 P4D 0 > Oops: 0000 [#1] PREEMPT SMP NOPTI > CPU: 2 PID: 895 Comm: masim Not tainted 6.6.0-dirty #255 > Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS > rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014 > RIP: 0010:wakeup_kswapd (./linux/mm/vmscan.c:7812) > Code: (omitted) > RSP: 0000:ffffc90004257d58 EFLAGS: 00010286 > RAX: ffffffffffffffff RBX: ffff88883fff0480 RCX: 0000000000000003 > RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88883fff0480 > RBP: ffffffffffffffff R08: ff0003ffffffffff R09: ffffffffffffffff > R10: ffff888106c95540 R11: 0000000055555554 R12: 0000000000000003 > R13: 0000000000000000 R14: 0000000000000000 R15: ffff88883fff0940 > FS: 00007fc4b8124740(0000) GS:ffff888827c00000(0000) knlGS:0000000000000000 > CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > CR2: 00000000000033f3 CR3: 000000026cc08004 CR4: 0000000000770ee0 > DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 > DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 > PKRU: 55555554 > Call Trace: > <TASK> > ? __die > ? page_fault_oops > ? __pte_offset_map_lock > ? exc_page_fault > ? asm_exc_page_fault > ? wakeup_kswapd > migrate_misplaced_page > __handle_mm_fault > handle_mm_fault > do_user_addr_fault > exc_page_fault > asm_exc_page_fault > RIP: 0033:0x55b897ba0808 > Code: (omitted) > RSP: 002b:00007ffeefa821a0 EFLAGS: 00010287 > RAX: 000055b89983acd0 RBX: 00007ffeefa823f8 RCX: 000055b89983acd0 > RDX: 00007fc2f8122010 RSI: 0000000000020000 RDI: 000055b89983acd0 > RBP: 00007ffeefa821a0 R08: 0000000000000037 R09: 0000000000000075 > R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 > R13: 00007ffeefa82410 R14: 000055b897ba5dd8 R15: 00007fc4b8340000 > </TASK>
AI-Powered Analysis
Technical Analysis
CVE-2024-26783 is a vulnerability in the Linux kernel's memory management subsystem, specifically within the virtual memory scanning (vmscan) component responsible for managing memory pressure and reclaiming pages. The flaw arises when NUMA (Non-Uniform Memory Access) balancing is enabled on systems where a NUMA node lacks local memory and thus has no managed zones. In this scenario, the kernel incorrectly calls the wakeup_kswapd() function with an invalid zone index (-1). This improper call leads to a kernel oops, a type of kernel panic caused by an invalid memory access, resulting in a page fault in kernel mode. The bug manifests as a supervisor read access fault on a non-present page, causing instability and potential crashes of the affected Linux system. The root cause is the failure to validate the zone index before invoking wakeup_kswapd(), which is responsible for waking the kernel swap daemon to reclaim memory. The vulnerability has been fixed by adding a check on the zone index prior to the function call. The issue is relevant to Linux kernel versions prior to the fix and affects systems configured with NUMA balancing where certain NUMA nodes have no local memory zones. The vulnerability does not appear to have known exploits in the wild as of the publication date. However, the kernel panic and system instability it causes could be triggered by attackers or faulty workloads, leading to denial of service (DoS). The vulnerability is technical and specific to Linux kernel memory management on NUMA architectures, which are common in high-performance servers and virtualization hosts.
Potential Impact
For European organizations, the impact of CVE-2024-26783 primarily concerns availability and system stability. Organizations running Linux servers with NUMA-enabled hardware configurations—common in data centers, cloud providers, and enterprises using high-performance computing—may experience unexpected kernel crashes or system reboots if this vulnerability is triggered. This can disrupt critical services, leading to downtime and potential loss of productivity. Although the vulnerability does not directly expose confidentiality or integrity risks, the resulting denial of service could be exploited by attackers to degrade service availability or cause operational interruptions. This is particularly significant for sectors relying on Linux-based infrastructure for critical applications, such as finance, telecommunications, healthcare, and government services across Europe. Additionally, virtualized environments and cloud platforms using NUMA-aware Linux kernels could be affected, impacting multi-tenant services and hosted workloads. The lack of known exploits reduces immediate risk, but the potential for accidental triggering by workloads or malicious actors remains a concern. Organizations with strict uptime requirements and those operating NUMA-enabled Linux systems should prioritize addressing this vulnerability to maintain service reliability.
Mitigation Recommendations
To mitigate CVE-2024-26783, European organizations should: 1) Apply the official Linux kernel patches that fix the zone index validation in wakeup_kswapd() as soon as they become available from their Linux distribution vendors. 2) If immediate patching is not feasible, consider temporarily disabling NUMA balancing on affected systems to avoid triggering the bug, understanding this may impact performance. 3) Monitor kernel logs and system stability closely for signs of kernel oops or crashes related to memory management, especially on NUMA-enabled servers. 4) Test workloads in staging environments with NUMA configurations to detect potential triggering conditions before production deployment. 5) Coordinate with hardware and virtualization vendors to ensure compatibility and receive guidance on kernel updates. 6) Implement robust system monitoring and automated recovery mechanisms to minimize downtime in case of unexpected kernel failures. 7) Maintain up-to-date backups and disaster recovery plans to mitigate operational impact from potential service interruptions. These steps go beyond generic advice by focusing on NUMA-specific configurations and proactive monitoring tailored to the vulnerability's technical context.
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2024-02-19T14:20:24.177Z
- Cisa Enriched
- true
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d982ac4522896dcbe3b92
Added to database: 5/21/2025, 9:08:58 AM
Last enriched: 7/4/2025, 2:27:52 AM
Last updated: 8/12/2025, 12:42:36 AM
Views: 16
Related Threats
CVE-2025-8357: CWE-862 Missing Authorization in dglingren Media Library Assistant
MediumCVE-2025-5417: Incorrect Privilege Assignment in Red Hat Red Hat Developer Hub
MediumCVE-2025-7496: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in wpclever WPC Smart Compare for WooCommerce
MediumCVE-2025-57725
LowCVE-2025-57724
LowActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.