CVE-2024-46790: Vulnerability in Linux Linux

Medium
Published: Wed Sep 18 2024 (09/18/2024, 07:12:45 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

codetag: debug: mark codetags for poisoned page as empty

When PG_hwpoison pages are freed they are treated differently in free_pages_prepare() and instead of being released they are isolated. Page allocation tag counters are decremented at this point since the page is considered not in use. Later on when such pages are released by unpoison_memory(), the allocation tag counters will be decremented again and the following warning gets reported:

[ 113.930443][ T3282] ------------[ cut here ]------------
[ 113.931105][ T3282] alloc_tag was not set
[ 113.931576][ T3282] WARNING: CPU: 2 PID: 3282 at ./include/linux/alloc_tag.h:130 pgalloc_tag_sub.part.66+0x154/0x164
[ 113.932866][ T3282] Modules linked in: hwpoison_inject fuse ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 ipt_REJECT nf_reject_ipv4 xt_conntrack ebtable_nat ebtable_broute ip6table_nat ip6table_man4
[ 113.941638][ T3282] CPU: 2 UID: 0 PID: 3282 Comm: madvise11 Kdump: loaded Tainted: G W 6.11.0-rc4-dirty #18
[ 113.943003][ T3282] Tainted: [W]=WARN
[ 113.943453][ T3282] Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022
[ 113.944378][ T3282] pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 113.945319][ T3282] pc : pgalloc_tag_sub.part.66+0x154/0x164
[ 113.946016][ T3282] lr : pgalloc_tag_sub.part.66+0x154/0x164
[ 113.946706][ T3282] sp : ffff800087093a10
[ 113.947197][ T3282] x29: ffff800087093a10 x28: ffff0000d7a9d400 x27: ffff80008249f0a0
[ 113.948165][ T3282] x26: 0000000000000000 x25: ffff80008249f2b0 x24: 0000000000000000
[ 113.949134][ T3282] x23: 0000000000000001 x22: 0000000000000001 x21: 0000000000000000
[ 113.950597][ T3282] x20: ffff0000c08fcad8 x19: ffff80008251e000 x18: ffffffffffffffff
[ 113.952207][ T3282] x17: 0000000000000000 x16: 0000000000000000 x15: ffff800081746210
[ 113.953161][ T3282] x14: 0000000000000000 x13: 205d323832335420 x12: 5b5d353031313339
[ 113.954120][ T3282] x11: ffff800087093500 x10: 000000000000005d x9 : 00000000ffffffd0
[ 113.955078][ T3282] x8 : 7f7f7f7f7f7f7f7f x7 : ffff80008236ba90 x6 : c0000000ffff7fff
[ 113.956036][ T3282] x5 : ffff000b34bf4dc8 x4 : ffff8000820aba90 x3 : 0000000000000001
[ 113.956994][ T3282] x2 : ffff800ab320f000 x1 : 841d1e35ac932e00 x0 : 0000000000000000
[ 113.957962][ T3282] Call trace:
[ 113.958350][ T3282] pgalloc_tag_sub.part.66+0x154/0x164
[ 113.959000][ T3282] pgalloc_tag_sub+0x14/0x1c
[ 113.959539][ T3282] free_unref_page+0xf4/0x4b8
[ 113.960096][ T3282] __folio_put+0xd4/0x120
[ 113.960614][ T3282] folio_put+0x24/0x50
[ 113.961103][ T3282] unpoison_memory+0x4f0/0x5b0
[ 113.961678][ T3282] hwpoison_unpoison+0x30/0x48 [hwpoison_inject]
[ 113.962436][ T3282] simple_attr_write_xsigned.isra.34+0xec/0x1cc
[ 113.963183][ T3282] simple_attr_write+0x38/0x48
[ 113.963750][ T3282] debugfs_attr_write+0x54/0x80
[ 113.964330][ T3282] full_proxy_write+0x68/0x98
[ 113.964880][ T3282] vfs_write+0xdc/0x4d0
[ 113.965372][ T3282] ksys_write+0x78/0x100
[ 113.965875][ T3282] __arm64_sys_write+0x24/0x30
[ 113.966440][ T3282] invoke_syscall+0x7c/0x104
[ 113.966984][ T3282] el0_svc_common.constprop.1+0x88/0x104
[ 113.967652][ T3282] do_el0_svc+0x2c/0x38
[ 113.968893][ T3282] el0_svc+0x3c/0x1b8
[ 113.969379][ T3282] el0t_64_sync_handler+0x98/0xbc
[ 113.969980][ T3282] el0t_64_sync+0x19c/0x1a0
[ 113.970511][ T3282] ---[ end trace 0000000000000000 ]---

To fix this, clear the page tag reference after the page got isolated and accounted for.

AI-Powered Analysis

Last updated: 06/29/2025, 01:54:55 UTC

Technical Analysis

CVE-2024-46790 is a vulnerability in the Linux kernel's handling of PG_hwpoison pages, which are pages marked as poisoned due to hardware errors. The issue arises when these pages are freed. PG_hwpoison pages are not released on free; free_pages_prepare() isolates them instead and decrements the page allocation tag counters at that point, because the page is considered no longer in use. When unpoison_memory() later releases such a page, the allocation tag counters are decremented again. This double decrement produces the warning "alloc_tag was not set", which is symptomatic of inconsistent memory management and potential memory corruption.

The kernel log trace shows the warning being raised in pgalloc_tag_sub(), reached from unpoison_memory() through hwpoison_unpoison() in the hwpoison_inject module, and this can cause instability or unexpected behavior in the kernel, especially in environments using the hwpoison_inject module. The root cause is that the page tag reference is not cleared after the page is isolated and accounted for. The fix clears the page tag reference after isolation so that the allocation tag counters are decremented only once. The vulnerability affects specific Linux kernel versions identified by commit hashes and is relevant to systems that handle hardware memory poisoning, a mechanism used to isolate faulty memory pages to maintain system stability.

Potential Impact

For European organizations, the impact of CVE-2024-46790 could be significant, particularly for those relying on Linux-based infrastructure in critical environments such as data centers, cloud services, telecommunications, and industrial control systems. The vulnerability can lead to kernel warnings and potentially unstable memory management, which may cause system crashes, degraded performance, or unpredictable behavior. This instability can affect availability and reliability of services, especially in high-availability or real-time systems. Although there is no evidence of active exploitation, the underlying memory management flaw could be leveraged by attackers or result in denial of service conditions if triggered. Organizations running Linux kernels with hardware memory poisoning enabled or using the hwpoison_inject module for testing or fault injection are particularly at risk. The vulnerability does not directly expose confidentiality or integrity breaches but can indirectly impact system integrity by causing kernel faults and availability issues.

Mitigation Recommendations

European organizations should prioritize updating their Linux kernels to versions that include the patch fixing CVE-2024-46790. Since the vulnerability relates to kernel memory management, applying vendor-supplied kernel updates or patches is the most effective mitigation. For environments using custom or long-term support kernels, backporting the fix or applying the patch manually may be necessary. Additionally, organizations should audit their use of the hwpoison_inject module and hardware poisoning features, disabling or restricting them if not required. Monitoring kernel logs for warnings related to alloc_tag or hwpoison pages can help detect attempts to trigger this issue. Implementing robust kernel crash dump and analysis procedures will aid in diagnosing any instability caused by this vulnerability. Finally, maintaining strict control over privileged access to kernel interfaces and limiting user-space interactions that could invoke unpoison_memory() functions will reduce the risk of accidental or malicious triggering.
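
The log monitoring recommended above can be narrowed to this warning's signature: the "alloc_tag was not set" message, a WARNING raised in pgalloc_tag_sub, and whether the trace runs through unpoison_memory with hwpoison_inject loaded. This is an added example, not code from the advisory or the kernel project; the sample log is constructed by abridging the trace in the description, and the function names, result keys and the fs/example.c entry are assumptions.

```python
import re

# Constructed sample: the description's trace, abridged, plus a made-up unrelated WARNING.
SAMPLE_LOG = """\
[ 113.930443][ T3282] ------------[ cut here ]------------
[ 113.931105][ T3282] alloc_tag was not set
[ 113.931576][ T3282] WARNING: CPU: 2 PID: 3282 at ./include/linux/alloc_tag.h:130 pgalloc_tag_sub.part.66+0x154/0x164
[ 113.932866][ T3282] Modules linked in: hwpoison_inject fuse
[ 113.941638][ T3282] CPU: 2 UID: 0 PID: 3282 Comm: madvise11 Kdump: loaded Tainted: G W 6.11.0-rc4-dirty #18
[ 113.957962][ T3282] Call trace:
[ 113.961103][ T3282] unpoison_memory+0x4f0/0x5b0
[ 113.961678][ T3282] hwpoison_unpoison+0x30/0x48 [hwpoison_inject]
[ 113.970511][ T3282] ---[ end trace 0000000000000000 ]---
[ 200.000001][ T4000] ------------[ cut here ]------------
[ 200.000002][ T4000] WARNING: CPU: 0 PID: 4000 at fs/example.c:1 example_fn+0x10/0x20
[ 200.000003][ T4000] ---[ end trace 0000000000000000 ]---
"""

# printk puts "[ time][ Tpid]" prefixes on each line; strip them before matching.
PREFIX = re.compile(r"^(?:\[\s*[\d.]+\]\s*)?(?:\[\s*[TC]\d+\]\s*)?")
WARN_AT = re.compile(r"^WARNING: .*\bpgalloc_tag_sub\b", re.M)

def split_reports(text):
    """Yield each 'cut here' ... 'end trace' report as prefix-stripped lines."""
    block = None
    for raw in text.splitlines():
        line = PREFIX.sub("", raw).strip()
        if "[ cut here ]" in line:
            block = []
        elif block is not None and line.startswith("---[ end trace"):
            yield block
            block = None
        elif block is not None:
            block.append(line)
    if block:  # log ended before the end marker
        yield block

def find_alloc_tag_warnings(text):
    """Yield one finding per report that matches this CVE's warning."""
    for block in split_reports(text):
        body = "\n".join(block)
        if "alloc_tag was not set" not in body or not WARN_AT.search(body):
            continue
        mods = re.search(r"^Modules linked in: (.*)$", body, re.M)
        comm = re.search(r"\bComm: (\S+)", body)
        yield {
            "comm": comm.group(1) if comm else None,  # process that hit the warning
            "via_unpoison": bool(re.search(r"^unpoison_memory\+", body, re.M)),
            "inject_loaded": bool(mods) and "hwpoison_inject" in mods.group(1).split(),
        }
```

Feed it the text of the kernel log (for example saved `dmesg` output) and alert on any finding; `via_unpoison` and `inject_loaded` separate the fault-injection path shown in the advisory from other callers.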

Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-09-11T15:12:18.278Z
CISA Enriched: true
CVSS Version: null
State: PUBLISHED

Threat ID: 682d9827c4522896dcbe12f6

Added to database: 5/21/2025, 9:08:55 AM

Last enriched: 6/29/2025, 1:54:55 AM

Last updated: 7/31/2025, 1:45:47 PM
