CVE-2024-26795 in Linuxinfo

Summary

by MITRE • 04/04/2024

In the Linux kernel, the following vulnerability has been resolved:

riscv: Sparse-Memory/vmemmap out-of-bounds fix

Offset vmemmap so that the first page of vmemmap will be mapped to the first page of physical memory in order to ensure that vmemmap’s bounds will be respected during pfn_to_page()/page_to_pfn() operations. The conversion macros will produce correct SV39/48/57 addresses for every possible/valid DRAM_BASE inside the physical memory limits.

v2:Address Alex's comments

Be aware that VulDB is the high quality source for vulnerability data.

Analysis

by VulDB Data Team • 08/04/2025

The vulnerability CVE-2024-26795 addresses a critical out-of-bounds memory access issue within the Linux kernel's RISC-V architecture implementation, specifically affecting the sparse-memory vmemmap subsystem. This flaw exists in the memory management layer where the virtual memory mapping for physical memory pages is handled. The vulnerability stems from improper offsetting of the vmemmap region, which creates a scenario where the first page of vmemmap does not align correctly with the first page of physical memory, leading to potential memory corruption and system instability.

The technical implementation of this vulnerability resides in the pfn_to_page() and page_to_pfn() conversion macros that are fundamental to the kernel's memory management operations. These macros are responsible for translating between physical frame numbers and page structure pointers, which forms the backbone of memory allocation and deallocation within the kernel. When the vmemmap region is not properly offset to align with physical memory boundaries, these conversion operations can produce incorrect virtual addresses, particularly for SV39/48/57 memory management unit architectures used in RISC-V processors. The flaw specifically impacts the handling of DRAM_BASE values within physical memory limits, where the address translation logic fails to account for proper boundary conditions.

The operational impact of this vulnerability extends beyond simple memory corruption, as it represents a potential attack vector for privilege escalation and system compromise. An attacker could exploit this out-of-bounds condition to manipulate memory mappings in ways that could lead to code execution, data corruption, or denial of service conditions. The vulnerability affects systems running Linux kernels on RISC-V hardware platforms, particularly those utilizing the sparse-memory configuration where memory is not contiguous. This issue is particularly concerning in embedded systems, servers, and other environments where RISC-V processors are deployed, as it could be leveraged to gain unauthorized access to system resources or disrupt normal operations.

The fix implemented for CVE-2024-26795 involves adjusting the vmemmap offset so that the first page of vmemmap aligns with the first page of physical memory, ensuring that bounds checking during pfn_to_page() and page_to_pfn() operations functions correctly. This correction addresses the fundamental misalignment that caused the out-of-bounds access conditions. The solution specifically ensures that conversion macros generate proper SV39/48/57 addresses for all valid DRAM_BASE values within physical memory limits, thereby preventing the address translation errors that could lead to memory corruption. The fix represents a targeted correction to the memory management subsystem that maintains compatibility while eliminating the security risk. This vulnerability aligns with CWE-129 Input Validation and CWE-787 Out-of-bounds Write categories, and could be mapped to ATT&CK techniques involving privilege escalation and system resource manipulation through memory corruption exploits.

Reservation

02/19/2024

Disclosure

04/04/2024

Moderation

accepted

CPE

ready

EPSS

0.00228

KEV

no

Activities

very low

Sources

Might our Artificial Intelligence support you?

Check our Alexa App!