CVE-2024-56628: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: LoongArch: Add architecture specific huge_pte_clear() When executing mm selftests run_vmtests.sh, there is such an error: BUG: Bad page state in process uffd-unit-tests pfn:00000 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x0 flags: 0xffff0000002000(reserved|node=0|zone=0|lastcpupid=0xffff) raw: 00ffff0000002000 ffffbf0000000008 ffffbf0000000008 0000000000000000 raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set Modules linked in: snd_seq_dummy snd_seq snd_seq_device rfkill vfat fat virtio_balloon efi_pstore virtio_net pstore net_failover failover fuse nfnetlink virtio_scsi virtio_gpu virtio_dma_buf dm_multipath efivarfs CPU: 2 UID: 0 PID: 1913 Comm: uffd-unit-tests Not tainted 6.12.0 #184 Hardware name: QEMU QEMU Virtual Machine, BIOS unknown 2/2/2022 Stack : 900000047c8ac000 0000000000000000 9000000000223a7c 900000047c8ac000 900000047c8af690 900000047c8af698 0000000000000000 900000047c8af7d8 900000047c8af7d0 900000047c8af7d0 900000047c8af5b0 0000000000000001 0000000000000001 900000047c8af698 10b3c7d53da40d26 0000010000000000 0000000000000022 0000000fffffffff fffffffffe000000 ffff800000000000 000000000000002f 0000800000000000 000000017a6d4000 90000000028f8940 0000000000000000 0000000000000000 90000000025aa5e0 9000000002905000 0000000000000000 90000000028f8940 ffff800000000000 0000000000000000 0000000000000000 0000000000000000 9000000000223a94 000000012001839c 00000000000000b0 0000000000000004 0000000000000000 0000000000071c1d ... Call Trace: [<9000000000223a94>] show_stack+0x5c/0x180 [<9000000001c3fd64>] dump_stack_lvl+0x6c/0xa0 [<900000000056aa08>] bad_page+0x1a0/0x1f0 [<9000000000574978>] free_unref_folios+0xbf0/0xd20 [<90000000004e65cc>] folios_put_refs+0x1a4/0x2b8 [<9000000000599a0c>] free_pages_and_swap_cache+0x164/0x260 [<9000000000547698>] tlb_batch_pages_flush+0xa8/0x1c0 [<9000000000547f30>] tlb_finish_mmu+0xa8/0x218 [<9000000000543cb8>] exit_mmap+0x1a0/0x360 [<9000000000247658>] __mmput+0x78/0x200 [<900000000025583c>] do_exit+0x43c/0xde8 [<9000000000256490>] do_group_exit+0x68/0x110 [<9000000000256554>] sys_exit_group+0x1c/0x20 [<9000000001c413b4>] do_syscall+0x94/0x130 [<90000000002216d8>] handle_syscall+0xb8/0x158 Disabling lock debugging due to kernel taint BUG: non-zero pgtables_bytes on freeing mm: -16384 On LoongArch system, invalid huge pte entry should be invalid_pte_table or a single _PAGE_HUGE bit rather than a zero value. And it should be the same with invalid pmd entry, since pmd_none() is called by function free_pgd_range() and pmd_none() return 0 by huge_pte_clear(). So single _PAGE_HUGE bit is also treated as a valid pte table and free_pte_range() will be called in free_pmd_range(). free_pmd_range() pmd = pmd_offset(pud, addr); do { next = pmd_addr_end(addr, end); if (pmd_none_or_clear_bad(pmd)) continue; free_pte_range(tlb, pmd, addr); } while (pmd++, addr = next, addr != end); Here invalid_pte_table is used for both invalid huge pte entry and pmd entry.
AI Analysis
Technical Summary
CVE-2024-56628 is a vulnerability identified in the Linux kernel specifically affecting the LoongArch architecture. The issue arises from improper handling of huge page table entries (huge_pte) during memory management operations. The vulnerability manifests when executing memory management self-tests (mm selftests) such as run_vmtests.sh, resulting in kernel errors indicating a bad page state and page flags check failures. The root cause is related to the treatment of invalid huge page table entries and page middle directory (pmd) entries. In LoongArch systems, invalid huge pte entries should be represented by invalid_pte_table or a single _PAGE_HUGE bit rather than zero. However, the current implementation treats a single _PAGE_HUGE bit as a valid pte table, causing the kernel to incorrectly invoke free_pte_range() during free_pmd_range() operations. This leads to inconsistencies such as non-zero pgtables_bytes on freeing memory management structures and ultimately kernel bugs or crashes. The vulnerability is embedded in the kernel's page table management code, particularly in functions like free_pmd_range(), pmd_none_or_clear_bad(), and huge_pte_clear(). The issue is architecture-specific and tied to the LoongArch CPU architecture, which is less common but gaining traction in certain markets. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet. The vulnerability could cause system instability or crashes when running specific memory management workloads or tests, potentially impacting systems relying on LoongArch Linux kernels.
Potential Impact
For European organizations, the impact of CVE-2024-56628 depends largely on the deployment of LoongArch-based Linux systems. While LoongArch is not widely adopted in mainstream European enterprise environments compared to x86 or ARM architectures, it is possible that niche or specialized systems, such as research, embedded devices, or certain cloud environments, might use this architecture. The vulnerability could lead to kernel panics or system crashes during memory management operations, affecting system availability and reliability. This can disrupt critical services, especially in environments that rely on high availability or perform intensive memory operations. Although there is no evidence of exploitation in the wild, the vulnerability poses a risk to organizations running unpatched LoongArch Linux kernels, potentially leading to denial of service conditions. Confidentiality and integrity impacts are less direct but could arise if attackers leverage the instability to escalate privileges or bypass security controls, though such exploitation paths are not documented. Overall, the threat is more relevant to organizations with LoongArch deployments or those involved in kernel development and testing on this architecture.
Mitigation Recommendations
To mitigate CVE-2024-56628, European organizations should: 1) Identify and inventory any systems running LoongArch Linux kernels, particularly those using kernel versions around the affected commit hashes. 2) Apply the official Linux kernel patches once released that correct the huge_pte_clear() implementation and related page table handling functions for LoongArch. 3) Avoid running untrusted or unnecessary memory management self-tests (like run_vmtests.sh) on production systems to reduce exposure. 4) Monitor kernel logs for signs of bad page state errors or kernel panics related to memory management, which could indicate attempts to trigger this vulnerability. 5) Engage with Linux kernel maintainers or vendors providing LoongArch support to ensure timely updates and security advisories are received. 6) For organizations developing or maintaining LoongArch kernel code, review and test memory management code paths thoroughly to prevent regressions. 7) Consider isolating LoongArch systems in segmented network zones to limit potential impact if exploited. These steps go beyond generic patching advice by focusing on architecture-specific awareness, proactive monitoring, and operational controls tailored to the LoongArch environment.
Affected Countries
Germany, France, United Kingdom, Netherlands, Finland
CVE-2024-56628: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: LoongArch: Add architecture specific huge_pte_clear() When executing mm selftests run_vmtests.sh, there is such an error: BUG: Bad page state in process uffd-unit-tests pfn:00000 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x0 flags: 0xffff0000002000(reserved|node=0|zone=0|lastcpupid=0xffff) raw: 00ffff0000002000 ffffbf0000000008 ffffbf0000000008 0000000000000000 raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set Modules linked in: snd_seq_dummy snd_seq snd_seq_device rfkill vfat fat virtio_balloon efi_pstore virtio_net pstore net_failover failover fuse nfnetlink virtio_scsi virtio_gpu virtio_dma_buf dm_multipath efivarfs CPU: 2 UID: 0 PID: 1913 Comm: uffd-unit-tests Not tainted 6.12.0 #184 Hardware name: QEMU QEMU Virtual Machine, BIOS unknown 2/2/2022 Stack : 900000047c8ac000 0000000000000000 9000000000223a7c 900000047c8ac000 900000047c8af690 900000047c8af698 0000000000000000 900000047c8af7d8 900000047c8af7d0 900000047c8af7d0 900000047c8af5b0 0000000000000001 0000000000000001 900000047c8af698 10b3c7d53da40d26 0000010000000000 0000000000000022 0000000fffffffff fffffffffe000000 ffff800000000000 000000000000002f 0000800000000000 000000017a6d4000 90000000028f8940 0000000000000000 0000000000000000 90000000025aa5e0 9000000002905000 0000000000000000 90000000028f8940 ffff800000000000 0000000000000000 0000000000000000 0000000000000000 9000000000223a94 000000012001839c 00000000000000b0 0000000000000004 0000000000000000 0000000000071c1d ... Call Trace: [<9000000000223a94>] show_stack+0x5c/0x180 [<9000000001c3fd64>] dump_stack_lvl+0x6c/0xa0 [<900000000056aa08>] bad_page+0x1a0/0x1f0 [<9000000000574978>] free_unref_folios+0xbf0/0xd20 [<90000000004e65cc>] folios_put_refs+0x1a4/0x2b8 [<9000000000599a0c>] free_pages_and_swap_cache+0x164/0x260 [<9000000000547698>] tlb_batch_pages_flush+0xa8/0x1c0 [<9000000000547f30>] tlb_finish_mmu+0xa8/0x218 [<9000000000543cb8>] exit_mmap+0x1a0/0x360 [<9000000000247658>] __mmput+0x78/0x200 [<900000000025583c>] do_exit+0x43c/0xde8 [<9000000000256490>] do_group_exit+0x68/0x110 [<9000000000256554>] sys_exit_group+0x1c/0x20 [<9000000001c413b4>] do_syscall+0x94/0x130 [<90000000002216d8>] handle_syscall+0xb8/0x158 Disabling lock debugging due to kernel taint BUG: non-zero pgtables_bytes on freeing mm: -16384 On LoongArch system, invalid huge pte entry should be invalid_pte_table or a single _PAGE_HUGE bit rather than a zero value. And it should be the same with invalid pmd entry, since pmd_none() is called by function free_pgd_range() and pmd_none() return 0 by huge_pte_clear(). So single _PAGE_HUGE bit is also treated as a valid pte table and free_pte_range() will be called in free_pmd_range(). free_pmd_range() pmd = pmd_offset(pud, addr); do { next = pmd_addr_end(addr, end); if (pmd_none_or_clear_bad(pmd)) continue; free_pte_range(tlb, pmd, addr); } while (pmd++, addr = next, addr != end); Here invalid_pte_table is used for both invalid huge pte entry and pmd entry.
AI-Powered Analysis
Technical Analysis
CVE-2024-56628 is a vulnerability identified in the Linux kernel specifically affecting the LoongArch architecture. The issue arises from improper handling of huge page table entries (huge_pte) during memory management operations. The vulnerability manifests when executing memory management self-tests (mm selftests) such as run_vmtests.sh, resulting in kernel errors indicating a bad page state and page flags check failures. The root cause is related to the treatment of invalid huge page table entries and page middle directory (pmd) entries. In LoongArch systems, invalid huge pte entries should be represented by invalid_pte_table or a single _PAGE_HUGE bit rather than zero. However, the current implementation treats a single _PAGE_HUGE bit as a valid pte table, causing the kernel to incorrectly invoke free_pte_range() during free_pmd_range() operations. This leads to inconsistencies such as non-zero pgtables_bytes on freeing memory management structures and ultimately kernel bugs or crashes. The vulnerability is embedded in the kernel's page table management code, particularly in functions like free_pmd_range(), pmd_none_or_clear_bad(), and huge_pte_clear(). The issue is architecture-specific and tied to the LoongArch CPU architecture, which is less common but gaining traction in certain markets. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet. The vulnerability could cause system instability or crashes when running specific memory management workloads or tests, potentially impacting systems relying on LoongArch Linux kernels.
Potential Impact
For European organizations, the impact of CVE-2024-56628 depends largely on the deployment of LoongArch-based Linux systems. While LoongArch is not widely adopted in mainstream European enterprise environments compared to x86 or ARM architectures, it is possible that niche or specialized systems, such as research, embedded devices, or certain cloud environments, might use this architecture. The vulnerability could lead to kernel panics or system crashes during memory management operations, affecting system availability and reliability. This can disrupt critical services, especially in environments that rely on high availability or perform intensive memory operations. Although there is no evidence of exploitation in the wild, the vulnerability poses a risk to organizations running unpatched LoongArch Linux kernels, potentially leading to denial of service conditions. Confidentiality and integrity impacts are less direct but could arise if attackers leverage the instability to escalate privileges or bypass security controls, though such exploitation paths are not documented. Overall, the threat is more relevant to organizations with LoongArch deployments or those involved in kernel development and testing on this architecture.
Mitigation Recommendations
To mitigate CVE-2024-56628, European organizations should: 1) Identify and inventory any systems running LoongArch Linux kernels, particularly those using kernel versions around the affected commit hashes. 2) Apply the official Linux kernel patches once released that correct the huge_pte_clear() implementation and related page table handling functions for LoongArch. 3) Avoid running untrusted or unnecessary memory management self-tests (like run_vmtests.sh) on production systems to reduce exposure. 4) Monitor kernel logs for signs of bad page state errors or kernel panics related to memory management, which could indicate attempts to trigger this vulnerability. 5) Engage with Linux kernel maintainers or vendors providing LoongArch support to ensure timely updates and security advisories are received. 6) For organizations developing or maintaining LoongArch kernel code, review and test memory management code paths thoroughly to prevent regressions. 7) Consider isolating LoongArch systems in segmented network zones to limit potential impact if exploited. These steps go beyond generic patching advice by focusing on architecture-specific awareness, proactive monitoring, and operational controls tailored to the LoongArch environment.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2024-12-27T14:03:06.018Z
- Cisa Enriched
- false
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d9822c4522896dcbde3c2
Added to database: 5/21/2025, 9:08:50 AM
Last enriched: 6/28/2025, 6:24:34 AM
Last updated: 8/19/2025, 9:58:09 AM
Views: 18
Related Threats
CVE-2025-9300: Stack-based Buffer Overflow in saitoha libsixel
MediumCVE-2025-47184: n/a
UnknownCVE-2025-9299: Stack-based Buffer Overflow in Tenda M3
HighCVE-2025-9298: Stack-based Buffer Overflow in Tenda M3
HighCVE-2025-9297: Stack-based Buffer Overflow in Tenda i22
HighActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.