CVE-2024-45022: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0 The __vmap_pages_range_noflush() assumes its argument pages** contains pages with the same page shift. However, since commit e9c3cda4d86e ("mm, vmalloc: fix high order __GFP_NOFAIL allocations"), if gfp_flags includes __GFP_NOFAIL with high order in vm_area_alloc_pages() and page allocation failed for high order, the pages** may contain two different page shifts (high order and order-0). This could lead __vmap_pages_range_noflush() to perform incorrect mappings, potentially resulting in memory corruption. Users might encounter this as follows (vmap_allow_huge = true, 2M is for PMD_SIZE): kvmalloc(2M, __GFP_NOFAIL|GFP_X) __vmalloc_node_range_noprof(vm_flags=VM_ALLOW_HUGE_VMAP) vm_area_alloc_pages(order=9) ---> order-9 allocation failed and fallback to order-0 vmap_pages_range() vmap_pages_range_noflush() __vmap_pages_range_noflush(page_shift = 21) ----> wrong mapping happens We can remove the fallback code because if a high-order allocation fails, __vmalloc_node_range_noprof() will retry with order-0. Therefore, it is unnecessary to fallback to order-0 here. Therefore, fix this by removing the fallback code.
AI Analysis
Technical Summary
CVE-2024-45022 is a vulnerability identified in the Linux kernel's memory management subsystem, specifically within the vmalloc area responsible for virtual memory allocation. The issue arises in the function __vmap_pages_range_noflush(), which assumes that the pages passed to it all have the same page shift (i.e., the same page size). However, due to a recent change in the kernel (commit e9c3cda4d86e), when a high-order page allocation with the __GFP_NOFAIL flag fails, the fallback mechanism allows mixing of pages with different sizes (high order and order-0) in the pages array. This breaks the assumption in __vmap_pages_range_noflush(), leading to incorrect page mappings and potential memory corruption. The problem manifests when vmalloc attempts to allocate large contiguous memory areas (e.g., 2MB huge pages) and falls back incorrectly to smaller pages without proper handling. The fix involves removing the fallback code that mixes page orders because the higher-level function __vmalloc_node_range_noprof() already retries with order-0 allocations if the high-order allocation fails, making the fallback redundant and unsafe. This vulnerability could cause kernel memory corruption, potentially leading to system instability, crashes, or exploitable conditions for privilege escalation or denial of service. No known exploits are reported in the wild as of the publication date, and no CVSS score has been assigned yet.
Potential Impact
For European organizations relying on Linux-based systems—ranging from enterprise servers, cloud infrastructure, embedded devices, to critical industrial control systems—this vulnerability poses a risk of kernel memory corruption. Such corruption can lead to unpredictable system behavior, including crashes or denial of service, which can disrupt business operations. In worst-case scenarios, attackers with local access might leverage this flaw to escalate privileges or execute arbitrary code within the kernel context, compromising confidentiality and integrity of sensitive data. Given the widespread use of Linux in European data centers, telecommunications, and government infrastructure, the impact could be significant if exploited. Systems running workloads that heavily use vmalloc for large memory allocations, such as virtualization hosts or high-performance computing nodes, are particularly at risk. Although no active exploits are known, the vulnerability's technical nature and kernel-level impact warrant prompt attention to prevent potential exploitation.
Mitigation Recommendations
European organizations should prioritize updating their Linux kernel to versions that include the fix for CVE-2024-45022 as soon as patches become available from their Linux distribution vendors. Until patches are applied, organizations should: 1) Limit or monitor use of applications or workloads that perform large vmalloc allocations with __GFP_NOFAIL flags, especially those requesting huge pages. 2) Employ kernel hardening techniques such as Kernel Address Space Layout Randomization (KASLR) and Kernel Page Table Isolation (KPTI) to reduce exploitation likelihood. 3) Restrict local access to critical Linux systems by enforcing strict user permissions and using multi-factor authentication to prevent unauthorized local code execution. 4) Monitor system logs and kernel crash reports for signs of memory corruption or unusual vmalloc failures. 5) Coordinate with Linux distribution maintainers and subscribe to security advisories to receive timely updates. 6) For embedded or specialized Linux deployments, conduct thorough testing of updated kernels to ensure stability and compatibility before production rollout.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Poland, Belgium, Finland
CVE-2024-45022: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0 The __vmap_pages_range_noflush() assumes its argument pages** contains pages with the same page shift. However, since commit e9c3cda4d86e ("mm, vmalloc: fix high order __GFP_NOFAIL allocations"), if gfp_flags includes __GFP_NOFAIL with high order in vm_area_alloc_pages() and page allocation failed for high order, the pages** may contain two different page shifts (high order and order-0). This could lead __vmap_pages_range_noflush() to perform incorrect mappings, potentially resulting in memory corruption. Users might encounter this as follows (vmap_allow_huge = true, 2M is for PMD_SIZE): kvmalloc(2M, __GFP_NOFAIL|GFP_X) __vmalloc_node_range_noprof(vm_flags=VM_ALLOW_HUGE_VMAP) vm_area_alloc_pages(order=9) ---> order-9 allocation failed and fallback to order-0 vmap_pages_range() vmap_pages_range_noflush() __vmap_pages_range_noflush(page_shift = 21) ----> wrong mapping happens We can remove the fallback code because if a high-order allocation fails, __vmalloc_node_range_noprof() will retry with order-0. Therefore, it is unnecessary to fallback to order-0 here. Therefore, fix this by removing the fallback code.
AI-Powered Analysis
Technical Analysis
CVE-2024-45022 is a vulnerability identified in the Linux kernel's memory management subsystem, specifically within the vmalloc area responsible for virtual memory allocation. The issue arises in the function __vmap_pages_range_noflush(), which assumes that the pages passed to it all have the same page shift (i.e., the same page size). However, due to a recent change in the kernel (commit e9c3cda4d86e), when a high-order page allocation with the __GFP_NOFAIL flag fails, the fallback mechanism allows mixing of pages with different sizes (high order and order-0) in the pages array. This breaks the assumption in __vmap_pages_range_noflush(), leading to incorrect page mappings and potential memory corruption. The problem manifests when vmalloc attempts to allocate large contiguous memory areas (e.g., 2MB huge pages) and falls back incorrectly to smaller pages without proper handling. The fix involves removing the fallback code that mixes page orders because the higher-level function __vmalloc_node_range_noprof() already retries with order-0 allocations if the high-order allocation fails, making the fallback redundant and unsafe. This vulnerability could cause kernel memory corruption, potentially leading to system instability, crashes, or exploitable conditions for privilege escalation or denial of service. No known exploits are reported in the wild as of the publication date, and no CVSS score has been assigned yet.
Potential Impact
For European organizations relying on Linux-based systems—ranging from enterprise servers, cloud infrastructure, embedded devices, to critical industrial control systems—this vulnerability poses a risk of kernel memory corruption. Such corruption can lead to unpredictable system behavior, including crashes or denial of service, which can disrupt business operations. In worst-case scenarios, attackers with local access might leverage this flaw to escalate privileges or execute arbitrary code within the kernel context, compromising confidentiality and integrity of sensitive data. Given the widespread use of Linux in European data centers, telecommunications, and government infrastructure, the impact could be significant if exploited. Systems running workloads that heavily use vmalloc for large memory allocations, such as virtualization hosts or high-performance computing nodes, are particularly at risk. Although no active exploits are known, the vulnerability's technical nature and kernel-level impact warrant prompt attention to prevent potential exploitation.
Mitigation Recommendations
European organizations should prioritize updating their Linux kernel to versions that include the fix for CVE-2024-45022 as soon as patches become available from their Linux distribution vendors. Until patches are applied, organizations should: 1) Limit or monitor use of applications or workloads that perform large vmalloc allocations with __GFP_NOFAIL flags, especially those requesting huge pages. 2) Employ kernel hardening techniques such as Kernel Address Space Layout Randomization (KASLR) and Kernel Page Table Isolation (KPTI) to reduce exploitation likelihood. 3) Restrict local access to critical Linux systems by enforcing strict user permissions and using multi-factor authentication to prevent unauthorized local code execution. 4) Monitor system logs and kernel crash reports for signs of memory corruption or unusual vmalloc failures. 5) Coordinate with Linux distribution maintainers and subscribe to security advisories to receive timely updates. 6) For embedded or specialized Linux deployments, conduct thorough testing of updated kernels to ensure stability and compatibility before production rollout.
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2024-08-21T05:34:56.684Z
- Cisa Enriched
- true
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d9826c4522896dcbe0f0c
Added to database: 5/21/2025, 9:08:54 AM
Last enriched: 6/28/2025, 11:56:37 PM
Last updated: 8/1/2025, 6:41:39 AM
Views: 7
Related Threats
CVE-2025-9094: Improper Neutralization of Special Elements Used in a Template Engine in ThingsBoard
MediumCVE-2025-9093: Improper Export of Android Application Components in BuzzFeed App
MediumResearcher to release exploit for full auth bypass on FortiWeb
HighCVE-2025-9091: Hard-coded Credentials in Tenda AC20
LowCVE-2025-9090: Command Injection in Tenda AC20
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.