CVE-2024-36882 in Linux
Summary
by MITRE • 05/30/2024
In the Linux kernel, the following vulnerability has been resolved:
mm: use memalloc_nofs_save() in page_cache_ra_order()
See commit f2c817bed58d ("mm: use memalloc_nofs_save in readahead path"), ensure that page_cache_ra_order() do not attempt to reclaim file-backed pages too, or it leads to a deadlock, found issue when test ext4 large folio.
INFO: task DataXceiver for:7494 blocked for more than 120 seconds. "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:DataXceiver for state:D stack:0 pid:7494 ppid:1 flags:0x00000200 Call trace: __switch_to+0x14c/0x240 __schedule+0x82c/0xdd0 schedule+0x58/0xf0 io_schedule+0x24/0xa0 __folio_lock+0x130/0x300 migrate_pages_batch+0x378/0x918 migrate_pages+0x350/0x700 compact_zone+0x63c/0xb38 compact_zone_order+0xc0/0x118 try_to_compact_pages+0xb0/0x280 __alloc_pages_direct_compact+0x98/0x248 __alloc_pages+0x510/0x1110 alloc_pages+0x9c/0x130 folio_alloc+0x20/0x78 filemap_alloc_folio+0x8c/0x1b0 page_cache_ra_order+0x174/0x308 ondemand_readahead+0x1c8/0x2b8 page_cache_async_ra+0x68/0xb8 filemap_readahead.isra.0+0x64/0xa8 filemap_get_pages+0x3fc/0x5b0 filemap_splice_read+0xf4/0x280 ext4_file_splice_read+0x2c/0x48 [ext4]
vfs_splice_read.part.0+0xa8/0x118 splice_direct_to_actor+0xbc/0x288 do_splice_direct+0x9c/0x108 do_sendfile+0x328/0x468 __arm64_sys_sendfile64+0x8c/0x148 invoke_syscall+0x4c/0x118 el0_svc_common.constprop.0+0xc8/0xf0 do_el0_svc+0x24/0x38 el0_svc+0x4c/0x1f8 el0t_64_sync_handler+0xc0/0xc8 el0t_64_sync+0x188/0x190
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 08/28/2025
The vulnerability identified as CVE-2024-36882 resides within the Linux kernel's memory management subsystem, specifically affecting the page cache readahead functionality. This issue manifests when the page_cache_ra_order() function attempts to reclaim file-backed pages during readahead operations, leading to a deadlock condition that can block system tasks for extended periods. The problem was discovered during testing of ext4 filesystem with large folios, where the kernel's memory allocation context became compromised during page migration operations. The root cause stems from improper handling of memory allocation flags within the readahead path, which creates a circular dependency between memory reclaim operations and page migration processes.
The technical flaw occurs in the mm subsystem where the page_cache_ra_order() function fails to properly manage the memalloc_nofs_save() context during file-backed page allocation. This function is invoked during ondemand_readahead operations and attempts to allocate pages for readahead without maintaining proper memory allocation flags. When the system encounters large folio operations on ext4 filesystems, the function's inability to prevent file-backed page reclamation creates a deadlock scenario where tasks become blocked indefinitely. The call trace demonstrates that the deadlock originates from migrate_pages_batch function attempting to lock folios while the page_cache_ra_order() function is already holding memory allocation contexts that prevent proper page migration. This condition violates the kernel's memory management principles and creates a system-wide blocking condition that affects data transfer operations.
The operational impact of this vulnerability is severe and affects systems running ext4 filesystems with large folio configurations, particularly those performing high-throughput file I/O operations. When the deadlock occurs, system tasks such as DataXceiver for:7494 become blocked for over 120 seconds, rendering the system unresponsive to file I/O requests during this period. The vulnerability directly impacts the kernel's ability to perform memory compaction and page migration operations, which are essential for maintaining system memory efficiency. The issue can be triggered through normal file reading operations, particularly when reading large files or when the system is under memory pressure. This creates a denial-of-service condition where legitimate system operations become blocked, potentially affecting database operations, file servers, and any application relying on ext4 filesystem performance. The vulnerability affects systems using the ARM64 architecture with the specified kernel version, where the memory management subsystem lacks proper context handling during readahead operations.
Mitigation strategies for this vulnerability require immediate kernel updates that implement the fix from commit f2c817bed58d, which properly integrates memalloc_nofs_save() into the readahead path. System administrators should prioritize applying the patched kernel version to prevent deadlock conditions, particularly on systems handling large file operations or under memory pressure. The fix ensures that page_cache_ra_order() properly saves and restores memory allocation flags during readahead operations, preventing the circular dependency that leads to deadlocks. Additionally, monitoring systems should be configured to detect hung task conditions and alert administrators when similar blocking patterns occur, as this may indicate the presence of other related memory management issues. Organizations should also consider implementing memory pressure management strategies and avoiding large folio configurations if the patched kernel version is not immediately available, while maintaining regular kernel update schedules to address similar vulnerabilities. This vulnerability aligns with CWE-367, representing a time-of-check to time-of-use race condition, and maps to ATT&CK technique T1489, which involves system denial of service through resource exhaustion or blocking operations.