CVE-2024-26783 in Linuxinfo

Summary

by MITRE • 04/04/2024

In the Linux kernel, the following vulnerability has been resolved:

mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone index

With numa balancing on, when a numa system is running where a numa node doesn't have its local memory so it has no managed zones, the following oops has been observed. It's because wakeup_kswapd() is called with a wrong zone index, -1. Fixed it by checking the index before calling wakeup_kswapd().

> BUG: unable to handle page fault for address: 00000000000033f3 > #PF: supervisor read access in kernel mode > #PF: error_code(0x0000) - not-present page > PGD 0 P4D 0 > Oops: 0000 [#1] PREEMPT SMP NOPTI
> CPU: 2 PID: 895 Comm: masim Not tainted 6.6.0-dirty #255 > Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS > rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014 > RIP: 0010:wakeup_kswapd (./linux/mm/vmscan.c:7812) > Code: (omitted) > RSP: 0000:ffffc90004257d58 EFLAGS: 00010286 > RAX: ffffffffffffffff RBX: ffff88883fff0480 RCX: 0000000000000003 > RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88883fff0480 > RBP: ffffffffffffffff R08: ff0003ffffffffff R09: ffffffffffffffff > R10: ffff888106c95540 R11: 0000000055555554 R12: 0000000000000003 > R13: 0000000000000000 R14: 0000000000000000 R15: ffff88883fff0940 > FS: 00007fc4b8124740(0000) GS:ffff888827c00000(0000) knlGS:0000000000000000 > CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > CR2: 00000000000033f3 CR3: 000000026cc08004 CR4: 0000000000770ee0 > DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 > DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 > PKRU: 55555554 > Call Trace: > > ? __die > ? page_fault_oops > ? __pte_offset_map_lock > ? exc_page_fault > ? asm_exc_page_fault > ? wakeup_kswapd > migrate_misplaced_page > __handle_mm_fault > handle_mm_fault > do_user_addr_fault > exc_page_fault > asm_exc_page_fault > RIP: 0033:0x55b897ba0808 > Code: (omitted) > RSP: 002b:00007ffeefa821a0 EFLAGS: 00010287 > RAX: 000055b89983acd0 RBX: 00007ffeefa823f8 RCX: 000055b89983acd0 > RDX: 00007fc2f8122010 RSI: 0000000000020000 RDI: 000055b89983acd0 > RBP: 00007ffeefa821a0 R08: 0000000000000037 R09: 0000000000000075 > R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 > R13: 00007ffeefa82410 R14: 000055b897ba5dd8 R15: 00007fc4b8340000 >

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Analysis

by VulDB Data Team • 08/04/2025

The vulnerability identified as CVE-2024-26783 resides within the Linux kernel's memory management subsystem, specifically in the vmscan component responsible for memory reclamation and NUMA balancing operations. This flaw manifests when a NUMA system operates with nodes that lack local memory resources, resulting in nodes that contain no managed zones. The issue stems from an incorrect zone index being passed to the wakeup_kswapd() function, which leads to a kernel page fault and subsequent system oops. The kernel attempts to access memory at address 0x00000000000033f3, triggering a supervisor read access error that crashes the system.

The technical root cause of this vulnerability can be traced to improper validation of zone indices before function calls within the memory management code path. When NUMA balancing is enabled and a system contains nodes without managed memory zones, the kernel computes a zone index of -1, which is subsequently passed to wakeup_kswapd(). This invalid index causes the function to attempt accessing memory structures that do not exist, resulting in a page fault. The vulnerability aligns with CWE-129, which addresses improper validation of array indices, and demonstrates how incorrect parameter validation can lead to kernel crashes and system instability. The flaw represents a classic case of out-of-bounds memory access that occurs during memory migration operations when handling misaligned page placements.

The operational impact of this vulnerability is significant for systems utilizing NUMA architectures with asymmetric memory configurations. Systems that employ NUMA balancing features and contain nodes without local memory resources become vulnerable to kernel oops and potential system crashes. This affects enterprise servers, cloud infrastructure, and high-performance computing environments where NUMA optimization is critical for performance. The vulnerability can lead to unexpected system interruptions, data loss during memory management operations, and denial of service conditions that impact system availability. Attackers who can influence memory allocation patterns or trigger specific NUMA balancing scenarios could potentially exploit this weakness to cause system instability or perform denial of service attacks against running systems.

Mitigation strategies for this vulnerability involve implementing proper bounds checking before calling wakeup_kswapd() with zone indices. The fix requires validating that zone indices are within acceptable ranges before passing them to kernel memory management functions, ensuring that negative indices or indices beyond the valid zone array bounds are rejected. System administrators should ensure their kernels are updated to versions containing the patched code that properly validates zone indices in the vmscan component. Additionally, monitoring for NUMA system configurations with nodes lacking managed zones can help identify potentially vulnerable systems. The fix aligns with ATT&CK technique T1490, which involves exploitation of system resource exhaustion, and emphasizes the importance of proper input validation in kernel memory management functions. Organizations should prioritize kernel updates and maintain awareness of NUMA system configurations that may expose this vulnerability during routine system maintenance and configuration reviews.

Reservation

02/19/2024

Disclosure

04/04/2024

Moderation

accepted

CPE

ready

EPSS

0.00235

KEV

no

Activities

very low

Sources

Want to know what is going to be exploited?

We predict KEV entries!