CVE-2024-35987

In the Linux kernel, the following vulnerability has been resolved: riscv: Fix loading 64-bit NOMMU kernels past the start of RAM commit 3335068f8721 ("riscv: Use PUD/P4D/PGD pages for the linear mapping") added logic to allow using RAM below the kernel load address. However, this does not work for NOMMU, where PAGE_OFFSET is fixed to the kernel load address. Since that range of memory corresponds to PFNs below ARCH_PFN_OFFSET, mm initialization runs off the beginning of mem_map and corrupts adjacent kernel memory. Fix this by restoring the previous behavior for NOMMU kernels.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/aea702dde7e9876fb00571a2602f25130847bf0f	Patch
https://git.kernel.org/stable/c/b008e327fa570aca210f98c817757649bae56694	Patch
https://git.kernel.org/stable/c/ea6628e4e2353978af7e3b4ad4fdaab6149acf3d	Patch
https://git.kernel.org/stable/c/aea702dde7e9876fb00571a2602f25130847bf0f	Patch
https://git.kernel.org/stable/c/b008e327fa570aca210f98c817757649bae56694	Patch
https://git.kernel.org/stable/c/ea6628e4e2353978af7e3b4ad4fdaab6149acf3d	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.9:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.9:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.9:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.9:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.9:rc5::::::

History

No history.

Information

Published : 2024-05-20 10:15

Updated : 2025-09-24 18:16

NVD link : CVE-2024-35987

Mitre link : CVE-2024-35987

CVE.ORG link : CVE-2024-35987

JSON object : View

Products Affected

linux

linux_kernel

CWE

NVD-CWE-noinfo

{"id": "CVE-2024-35987", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-05-20T10:15:13.057", "references": [{"url": "https://git.kernel.org/stable/c/aea702dde7e9876fb00571a2602f25130847bf0f", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/b008e327fa570aca210f98c817757649bae56694", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/ea6628e4e2353978af7e3b4ad4fdaab6149acf3d", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/aea702dde7e9876fb00571a2602f25130847bf0f", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/b008e327fa570aca210f98c817757649bae56694", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/ea6628e4e2353978af7e3b4ad4fdaab6149acf3d", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: Fix loading 64-bit NOMMU kernels past the start of RAM\n\ncommit 3335068f8721 (\"riscv: Use PUD/P4D/PGD pages for the linear\nmapping\") added logic to allow using RAM below the kernel load address.\nHowever, this does not work for NOMMU, where PAGE_OFFSET is fixed to the\nkernel load address. Since that range of memory corresponds to PFNs\nbelow ARCH_PFN_OFFSET, mm initialization runs off the beginning of\nmem_map and corrupts adjacent kernel memory. Fix this by restoring the\nprevious behavior for NOMMU kernels."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: riscv: se corrigi\u00f3 la carga de kernels NOMMU de 64 bits despu\u00e9s del inicio de la confirmaci\u00f3n de RAM. 3335068f8721 (\"riscv: use p\u00e1ginas PUD/P4D/PGD para el mapeo lineal\") se agreg\u00f3 l\u00f3gica para permitir el uso RAM debajo de la direcci\u00f3n de carga del kernel. Sin embargo, esto no funciona para NOMMU, donde PAGE_OFFSET est\u00e1 fijado a la direcci\u00f3n de carga del kernel. Dado que ese rango de memoria corresponde a los PFN por debajo de ARCH_PFN_OFFSET, la inicializaci\u00f3n de mm se ejecuta desde el principio de mem_map y corrompe la memoria del kernel adyacente. Solucione este problema restaurando el comportamiento anterior de los n\u00facleos NOMMU."}], "lastModified": "2025-09-24T18:16:30.880", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "690AEB51-07F0-40A3-9967-DE94D673735E", "versionEndExcluding": "6.6.30", "versionStartIncluding": "6.4"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5F9041E5-8358-4EF7-8F98-B812EDE49612", "versionEndExcluding": "6.8.9", "versionStartIncluding": "6.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "22BEDD49-2C6D-402D-9DBF-6646F6ECD10B"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DF73CB2A-DFFD-46FB-9BFE-AA394F27EA37"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52048DDA-FC5A-4363-95A0-A6357B4D7F8C"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A06B2CCF-3F43-4FA9-8773-C83C3F5764B2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F850DCEC-E08B-4317-A33B-D2DCF39F601B"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}