Linux Kernel up to 6.11.2 hugetlb memfd_alloc_folio reference count

| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.5 | $0-$5k | 0.00 |
Summary
A vulnerability described as critical has been identified in Linux Kernel up to 6.11.2. Affected is the function memfd_alloc_folio of the component hugetlb. Such manipulation leads to reference count.
This vulnerability is listed as CVE-2024-49964. There is no available exploit.
Upgrading the affected component is recommended.
Details
A vulnerability was found in Linux Kernel up to 6.11.2. It has been rated as critical. Affected by this issue is the function memfd_alloc_folio of the component hugetlb. The manipulation with an unknown input leads to a reference count vulnerability. Using CWE to declare the problem leads to CWE-911. The product uses a reference count to manage a resource, but it does not update or incorrectly updates the reference count. Impacted is availability. CVE summarizes:
In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix memfd_pin_folios free_huge_pages leak memfd_pin_folios followed by unpin_folios fails to restore free_huge_pages if the pages were not already faulted in, because the folio refcount for pages created by memfd_alloc_folio never goes to 0. memfd_pin_folios needs another folio_put to undo the folio_try_get below: memfd_alloc_folio() alloc_hugetlb_folio_nodemask() dequeue_hugetlb_folio_nodemask() dequeue_hugetlb_folio_node_exact() folio_ref_unfreeze(folio, 1); ; adds 1 refcount folio_try_get() ; adds 1 refcount hugetlb_add_to_page_cache() ; adds 512 refcount (on x86) With the fix, after memfd_pin_folios + unpin_folios, the refcount for the (unfaulted) page is 512, which is correct, as the refcount for a faulted unpinned page is 513.
The advisory is available at git.kernel.org. This vulnerability is handled as CVE-2024-49964 since 10/21/2024. Technical details are known, but there is no available exploit.
The vulnerability scanner Nessus provides a plugin with the ID 216493 (Ubuntu 24.10 : Linux kernel vulnerabilities (USN-7276-1)), which helps to determine the existence of the flaw in a target environment.
Upgrading to version 6.11.3 eliminates this vulnerability. Applying the patch 59e081ff2e91/c56b6f3d801d is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version.
The vulnerability is also documented in the databases at Tenable (216493) and CERT Bund (WID-SEC-2024-3251). If you want to get best quality of vulnerability data, you may have to visit VulDB.
Affected
- Google Container-Optimized OS
- Debian Linux
- Amazon Linux 2
- Red Hat Enterprise Linux
- NetApp StorageGRID
- Ubuntu Linux
- SUSE Linux
- Oracle Linux
- Kyocera Printer
- NetApp AFF
- NetApp ActiveIQ Unified Manager
- SUSE openSUSE
- IBM Security Guardium
- RESF Rocky Linux
- Dell NetWorker
- Dell Avamar
- IBM QRadar SIEM
- NetApp FAS
- SolarWinds Security Event Manager
- Dell PowerProtect Data Domain
- Open Source Linux Kernel
- Dell PowerScale OneFS
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.kernel.org/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.6VulDB Meta Temp Score: 5.5
VulDB Base Score: 5.7
VulDB Temp Score: 5.5
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 5.5
NVD Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Reference countCWE: CWE-911 / CWE-664
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: Partially
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 216493
Nessus Name: Ubuntu 24.10 : Linux kernel vulnerabilities (USN-7276-1)
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: Kernel 6.11.3
Patch: 59e081ff2e91/c56b6f3d801d
Timeline
10/21/2024 🔍10/21/2024 🔍
10/21/2024 🔍
03/21/2026 🔍
Sources
Vendor: kernel.orgAdvisory: git.kernel.org
Status: Confirmed
CVE: CVE-2024-49964 (🔍)
GCVE (CVE): GCVE-0-2024-49964
GCVE (VulDB): GCVE-100-281258
CERT Bund: WID-SEC-2024-3251 - Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service
Entry
Created: 10/21/2024 21:23Updated: 03/21/2026 15:30
Changes: 10/21/2024 21:23 (58), 11/08/2024 06:06 (11), 02/20/2025 06:57 (2), 07/27/2025 00:57 (7), 03/21/2026 15:30 (1)
Complete: 🔍
Cache ID: 216::103
If you want to get best quality of vulnerability data, you may have to visit VulDB.
No comments yet. Languages: en.
Please log in to comment.