CVE-2024-40914: Vulnerability in Linux
In the Linux kernel, the following vulnerability has been resolved:

mm/huge_memory: don't unpoison huge_zero_folio

When I did memory failure tests recently, below panic occurs:

kernel BUG at include/linux/mm.h:1135!
invalid opcode: 0000 [#1] PREEMPT SMP NOPTI
CPU: 9 PID: 137 Comm: kswapd1 Not tainted 6.9.0-rc4-00491-gd5ce28f156fe-dirty #14
RIP: 0010:shrink_huge_zero_page_scan+0x168/0x1a0
RSP: 0018:ffff9933c6c57bd0 EFLAGS: 00000246
RAX: 000000000000003e RBX: 0000000000000000 RCX: ffff88f61fc5c9c8
RDX: 0000000000000000 RSI: 0000000000000027 RDI: ffff88f61fc5c9c0
RBP: ffffcd7c446b0000 R08: ffffffff9a9405f0 R09: 0000000000005492
R10: 00000000000030ea R11: ffffffff9a9405f0 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: ffff88e703c4ac00
FS:  0000000000000000(0000) GS:ffff88f61fc40000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055f4da6e9878 CR3: 0000000c71048000 CR4: 00000000000006f0
Call Trace:
 <TASK>
 do_shrink_slab+0x14f/0x6a0
 shrink_slab+0xca/0x8c0
 shrink_node+0x2d0/0x7d0
 balance_pgdat+0x33a/0x720
 kswapd+0x1f3/0x410
 kthread+0xd5/0x100
 ret_from_fork+0x2f/0x50
 ret_from_fork_asm+0x1a/0x30
 </TASK>
Modules linked in: mce_inject hwpoison_inject
---[ end trace 0000000000000000 ]---
RIP: 0010:shrink_huge_zero_page_scan+0x168/0x1a0
RSP: 0018:ffff9933c6c57bd0 EFLAGS: 00000246
RAX: 000000000000003e RBX: 0000000000000000 RCX: ffff88f61fc5c9c8
RDX: 0000000000000000 RSI: 0000000000000027 RDI: ffff88f61fc5c9c0
RBP: ffffcd7c446b0000 R08: ffffffff9a9405f0 R09: 0000000000005492
R10: 00000000000030ea R11: ffffffff9a9405f0 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: ffff88e703c4ac00
FS:  0000000000000000(0000) GS:ffff88f61fc40000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055f4da6e9878 CR3: 0000000c71048000 CR4: 00000000000006f0

The root cause is that HWPoison flag will be set for huge_zero_folio without increasing the folio refcnt. But then unpoison_memory() will decrease the folio refcnt unexpectedly as it appears like a successfully hwpoisoned folio leading to VM_BUG_ON_PAGE(page_ref_count(page) == 0) when releasing huge_zero_folio. Skip unpoisoning huge_zero_folio in unpoison_memory() to fix this issue. We're not prepared to unpoison huge_zero_folio yet.
AI Analysis
Technical Summary
CVE-2024-40914 is a memory-management bug in the Linux kernel's huge_memory subsystem, in the handling of the huge_zero_folio, the kernel-wide zero-filled huge page. Marking the huge_zero_folio HWPoison sets the flag without taking a reference on the folio, but unpoison_memory() treats it like any successfully poisoned folio and drops a reference anyway. The folio's reference count therefore reaches zero while the page is still in use, and when the shrinker later releases it (shrink_huge_zero_page_scan, reached from kswapd via shrink_slab in the panic above) it hits VM_BUG_ON_PAGE(page_ref_count(page) == 0). On x86 a BUG() is compiled to an ud2 instruction, which is why the panic is reported as an invalid opcode. The fix makes unpoison_memory() skip the huge_zero_folio, since the kernel is not yet prepared to unpoison it. The affected kernel versions are identified by commit hashes in the advisory; the panic was reproduced on a 6.9.0-rc4 build. The faulty path is only reachable when memory failure injection or hardware poisoning is in play, so the practical effect is system instability and crashes under those conditions. No exploits are known in the wild and no CVSS score has been assigned.
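The reference-count mismatch described above, as an added model that is not kernel code: the struct, the function names and the "one owner reference" starting state are assumptions chosen to mirror the commit message, and the pre-fix and fixed unpoison paths are shown side by side.

```c
/* Added model of the CVE-2024-40914 refcount mismatch, not kernel code:
 * the struct, names and the "one owner reference" start state are assumptions. */
#include <stdbool.h>

struct folio {
    int  refcount;      /* models page_ref_count() */
    bool hwpoison;      /* models the HWPoison page flag */
    bool is_huge_zero;  /* true only for the kernel-wide huge_zero_folio */
};

/* An ordinary folio is pinned (refcount++) when marked HWPoison; per the
 * commit message, huge_zero_folio only gets the flag and no extra reference. */
static void poison(struct folio *f)
{
    f->hwpoison = true;
    if (!f->is_huge_zero)
        f->refcount++;
}

/* Pre-fix unpoison_memory(): drops the reference poisoning is assumed to
 * have taken. For huge_zero_folio that reference never existed. */
static void unpoison_vulnerable(struct folio *f)
{
    if (!f->hwpoison)
        return;
    f->hwpoison = false;
    f->refcount--;
}

/* Fixed unpoison_memory(): skip huge_zero_folio entirely, as the patch does. */
static bool unpoison_fixed(struct folio *f)
{
    if (f->is_huge_zero)
        return false;   /* left as is, refcount untouched */
    unpoison_vulnerable(f);
    return true;
}

/* Poison then unpoison a folio, then ask what the shrinker's release path would
 * see. Returns true if VM_BUG_ON_PAGE(page_ref_count(page) == 0) would NOT fire. */
bool survives_release(bool huge_zero, bool use_fix)
{
    struct folio f = { .refcount = 1, .hwpoison = false, .is_huge_zero = huge_zero };
    poison(&f);
    if (use_fix)
        unpoison_fixed(&f);
    else
        unpoison_vulnerable(&f);
    return f.refcount != 0;
}
```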
Potential Impact
For European organizations, the impact of CVE-2024-40914 primarily involves system stability and availability risks on Linux-based servers and infrastructure. Since Linux is widely deployed across European enterprises, cloud providers, research institutions, and government agencies, any kernel panic or crash can disrupt critical services, leading to downtime and potential data loss if systems are not properly backed up or clustered. The vulnerability is particularly relevant for environments that utilize hardware error injection for testing or that experience hardware memory faults, as these conditions trigger the problematic code path. Although this vulnerability does not directly lead to privilege escalation or remote code execution, the resulting kernel panic could be exploited by attackers to cause denial of service (DoS) conditions. Systems running affected kernel versions without the patch are at risk of unexpected reboots or crashes, which can degrade operational continuity. Given the prevalence of Linux in cloud and on-premises servers across Europe, especially in sectors like finance, telecommunications, and public administration, the threat to availability is significant. However, since exploitation requires specific conditions (memory failure or poisoning), the risk to confidentiality and integrity is low.
Mitigation Recommendations
European organizations should prioritize updating their Linux kernel to versions that include the fix for CVE-2024-40914 as soon as patches become available from their Linux distribution vendors. Until patches are applied, organizations should avoid running memory failure injection tests or hardware poisoning features that could trigger the vulnerability. Monitoring kernel logs for signs of memory management errors or kernel panics related to huge zero pages can help detect attempts to trigger this issue. For critical systems, implementing high availability configurations with failover capabilities can mitigate the impact of unexpected crashes. Additionally, organizations should ensure robust backup and recovery procedures are in place to minimize data loss from sudden system failures. Security teams should coordinate with system administrators to verify kernel versions and apply vendor-supplied patches promptly. Where possible, disabling or limiting access to kernel debugging and memory failure injection tools in production environments reduces the attack surface. Finally, maintaining up-to-date hardware firmware and drivers can prevent hardware-induced memory errors that might exacerbate this vulnerability.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain, Poland, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-07-12T12:17:45.581Z
- Cisa Enriched: true
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9821c4522896dcbdde93
Added to database: 5/21/2025, 9:08:49 AM
Last enriched: 6/28/2025, 4:11:07 AM
Last updated: 8/3/2025, 12:40:42 PM