CVE-2024-40950: Vulnerability in Linux (Linux kernel)
In the Linux kernel, the following vulnerability has been resolved:

mm: huge_memory: fix misused mapping_large_folio_support() for anon folios

When I did a large folios split test, a WARNING "[ 5059.122759][ T166] Cannot split file folio to non-0 order" was triggered. But the test cases are only for anonymous folios, while mapping_large_folio_support() is only reasonable for page cache folios.

In split_huge_page_to_list_to_order(), the folio passed to mapping_large_folio_support() may be an anonymous folio. The folio_test_anon() check is missing. So the split of the anonymous THP fails. This is also the same for shmem_mapping(). We'd better add a check for both. But the shmem_mapping() in __split_huge_page() is not involved, as for anonymous folios, the end parameter is set to -1, so (head[i].index >= end) is always false. shmem_mapping() is not called.

Also add a VM_WARN_ON_ONCE() in mapping_large_folio_support() for anon mappings, so we can detect the wrong use more easily.

THP folios may exist in the pagecache even if the file system doesn't support large folios; this is because when CONFIG_TRANSPARENT_HUGEPAGE is enabled, khugepaged will try to collapse read-only file-backed pages to THP. But the mapping does not actually support multi-order large folios properly.

Using /sys/kernel/debug/split_huge_pages to verify this, with this patch, large anon THP is successfully split and the warning ceases.
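A user-space model of the order check described in the commit message, added here for illustration and not the kernel's code: the pre-fix path runs the page-cache tests on every folio, so an anonymous THP (whose mapping word carries the PAGE_MAPPING_ANON tag and points at an anon_vma rather than an address_space) is refused, while the fixed path guards both tests with folio_test_anon() and reports misuse of the helper. Struct layouts, the AS_LARGE_FOLIO_SUPPORT bit index and the shmem marker are assumptions of the model.

```c
#include <errno.h>
#include <stdbool.h>
/* User-space model of the check fixed by CVE-2024-40950, constructed for this page; it is
 * not the kernel's code. Struct layouts, the flag bit index and the shmem marker are
 * assumptions of the model; only the decision logic mirrors the commit message. */
#define PAGE_MAPPING_ANON      0x1UL /* tag bit in folio->mapping of anon folios */
#define AS_LARGE_FOLIO_SUPPORT 6     /* assumed bit index in address_space->flags */
struct address_space { unsigned long flags; const void *a_ops; };
struct anon_vma      { struct anon_vma *root; void *parent; }; /* same size, other meaning */
struct folio         { unsigned long mapping; }; /* address_space *, or anon_vma * | anon tag */
union target { struct address_space as; struct anon_vma av; }; /* lets the model alias safely */
static const int shmem_aops;            /* identity marker standing in for shmem_aops */
static bool anon_misuse_warned;         /* set by the fixed helper's VM_WARN_ON_ONCE() model */
static union target anon_obj = { .av = { 0, 0 } };
static union target fs_obj   = { .as = { 1UL << AS_LARGE_FOLIO_SUPPORT, 0 } };
static bool folio_test_anon(const struct folio *f) { return f->mapping & PAGE_MAPPING_ANON; }
/* Strips the tag so reads are aligned; an anon_vma is then misread as an address_space. */
static const struct address_space *as_ptr(unsigned long m) { return (const struct address_space *)(m & ~PAGE_MAPPING_ANON); }
static bool shmem_mapping(unsigned long m) { return as_ptr(m)->a_ops == &shmem_aops; }
/* Pre-fix helper: trusts that it was handed a page-cache mapping. */
static bool mapping_large_folio_support_old(unsigned long m) { return as_ptr(m)->flags & (1UL << AS_LARGE_FOLIO_SUPPORT); }
/* Post-fix helper: same test, but an anon mapping is reported as misuse. */
static bool mapping_large_folio_support_new(unsigned long m)
{
    if (m & PAGE_MAPPING_ANON) anon_misuse_warned = true;
    return as_ptr(m)->flags & (1UL << AS_LARGE_FOLIO_SUPPORT);
}
/* Order check of split_huge_page_to_list_to_order() before the fix: both page-cache tests
 * run for every folio, so an anon THP reads meaningless flags and is refused. */
static int split_check_old(const struct folio *f, unsigned new_order)
{
    if (new_order && shmem_mapping(f->mapping)) return -EINVAL;  /* "Cannot split shmem folio to non-0 order" */
    if (new_order && !mapping_large_folio_support_old(f->mapping)) return -EINVAL; /* "Cannot split file folio to non-0 order" */
    return 0;
}
/* After the fix: folio_test_anon() guards both page-cache tests. */
static int split_check_new(const struct folio *f, unsigned new_order)
{
    if (!new_order || folio_test_anon(f)) return 0;
    if (shmem_mapping(f->mapping) || !mapping_large_folio_support_new(f->mapping)) return -EINVAL;
    return 0;
}
/* Outcome of a split request in the model (0 or -EINVAL); fixed selects the post-fix logic. */
int split_result(bool fixed, bool anon_folio, unsigned new_order)
{
    struct folio f = { anon_folio ? ((unsigned long)&anon_obj.av | PAGE_MAPPING_ANON) : (unsigned long)&fs_obj.as };
    return fixed ? split_check_new(&f, new_order) : split_check_old(&f, new_order);
}
/* The added diagnostic: handing an anon mapping to the fixed helper is flagged. */
bool anon_misuse_detected(void)
{
    anon_misuse_warned = false;
    mapping_large_folio_support_new((unsigned long)&anon_obj.av | PAGE_MAPPING_ANON);
    return anon_misuse_warned;
}
```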
AI Analysis
Technical Summary
CVE-2024-40950 is a vulnerability in the Linux kernel's memory management subsystem, specifically in the splitting of Transparent Huge Pages (THP) and large folios that back anonymous memory. The issue arises from a misuse of mapping_large_folio_support() on anonymous folios. That helper is only meaningful for page cache folios, but split_huge_page_to_list_to_order() called it for any folio without first checking folio_test_anon(). For an anonymous folio the mapping field does not refer to a page cache address_space, so the check fails, the split to a non-zero order is refused, and the warning "Cannot split file folio to non-0 order" is emitted. The shmem_mapping() check in the same function receives the same guard; the shmem_mapping() call in __split_huge_page() is not affected, because for anonymous folios the end parameter is -1 and that path is never reached. The patch restructures the checks so that the page cache tests apply only to non-anonymous folios and adds a VM_WARN_ON_ONCE() inside mapping_large_folio_support(), so that any caller passing an anonymous mapping is reported. With the fix, large anonymous THPs split successfully and the warning no longer appears, removing a source of spurious warnings and potential memory management instability. The commit also explains why the page cache check exists at all: when CONFIG_TRANSPARENT_HUGEPAGE is enabled, khugepaged collapses read-only file-backed pages into THPs even on filesystems that do not properly support multi-order large folios, so THP folios can be present in the page cache of such filesystems. No known exploits are reported in the wild as of the publication date, and no CVSS score has been assigned yet.
Potential Impact
For European organizations, this vulnerability primarily impacts systems running Linux kernels with Transparent Huge Pages enabled, which is common in many enterprise and cloud environments. The improper handling of huge page splitting could lead to kernel warnings and potentially unstable memory management behavior. While no direct exploit or remote code execution has been reported, the vulnerability could cause system instability, degraded performance, or denial of service conditions if the kernel encounters unexpected memory states. This is particularly relevant for high-performance computing, database servers, and virtualized environments where large memory pages are leveraged for efficiency. Organizations relying on Linux-based infrastructure for critical applications may experience increased risk of system crashes or degraded service availability if the kernel is not patched. Additionally, debugging and troubleshooting efforts may be complicated by the misleading warnings generated by this issue. Given the kernel-level nature of the vulnerability, it affects the integrity and availability of systems but does not directly expose confidentiality risks unless combined with other vulnerabilities.
Mitigation Recommendations
European organizations should prioritize updating their Linux kernel to the patched versions that address CVE-2024-40950. Since the vulnerability is in kernel memory management, applying vendor-provided kernel updates or backported patches is essential. System administrators should verify whether Transparent Huge Pages (THP) are enabled (typically via /sys/kernel/mm/transparent_hugepage/enabled) and consider temporarily disabling THP as a mitigation if immediate patching is not feasible, especially on critical systems where stability is paramount. Monitoring kernel logs for the "Cannot split file folio to non-0 order" warning and other huge page splitting warnings can help identify affected systems. Additionally, organizations should test kernel updates in staging environments to ensure compatibility with their workloads, particularly for applications sensitive to memory management changes. For environments using custom or older kernels, backporting the patch or upgrading to a supported kernel version is recommended. Finally, maintaining robust kernel debugging and monitoring practices will aid in early detection of any anomalies related to huge page handling.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-07-12T12:17:45.591Z
- CISA Enriched: true
- CVSS Version: null
- State: PUBLISHED
Threat ID: 682d9827c4522896dcbe147d
Added to database: 5/21/2025, 9:08:55 AM
Last enriched: 6/29/2025, 2:40:29 AM
Last updated: 8/1/2025, 8:35:35 AM