{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-53113", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-11-19T17:17:24.993Z", "datePublished": "2024-12-02T13:44:45.419Z", "dateUpdated": "2025-05-04T09:53:20.266Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:53:20.266Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: fix NULL pointer dereference in alloc_pages_bulk_noprof\n\nWe triggered a NULL pointer dereference for ac.preferred_zoneref->zone in\nalloc_pages_bulk_noprof() when the task is migrated between cpusets.\n\nWhen cpuset is enabled, in prepare_alloc_pages(), ac->nodemask may be\n&current->mems_allowed. when first_zones_zonelist() is called to find\npreferred_zoneref, the ac->nodemask may be modified concurrently if the\ntask is migrated between different cpusets. Assuming we have 2 NUMA Node,\nwhen traversing Node1 in ac->zonelist, the nodemask is 2, and when\ntraversing Node2 in ac->zonelist, the nodemask is 1. As a result, the\nac->preferred_zoneref points to NULL zone.\n\nIn alloc_pages_bulk_noprof(), for_each_zone_zonelist_nodemask() finds a\nallowable zone and calls zonelist_node_idx(ac.preferred_zoneref), leading\nto NULL pointer dereference.\n\n__alloc_pages_noprof() fixes this issue by checking NULL pointer in commit\nea57485af8f4 (\"mm, page_alloc: fix check for NULL preferred_zone\") and\ncommit df76cee6bbeb (\"mm, page_alloc: remove redundant checks from alloc\nfastpath\").\n\nTo fix it, check NULL pointer for preferred_zoneref->zone."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["mm/page_alloc.c"], "versions": [{"version": "387ba26fb1cb9be9e35dc14a6d97188e916eda05", "lessThan": "903d896448c2e50e8652aaba529a30d4d1eaa0e5", "status": "affected", "versionType": "git"}, {"version": "387ba26fb1cb9be9e35dc14a6d97188e916eda05", "lessThan": "6addb2d9501ec866d7b3a3b4e665307c437e9be2", "status": "affected", "versionType": "git"}, {"version": "387ba26fb1cb9be9e35dc14a6d97188e916eda05", "lessThan": "d0f16cec79774c3132df006cf771eddd89d08f58", "status": "affected", "versionType": "git"}, {"version": "387ba26fb1cb9be9e35dc14a6d97188e916eda05", "lessThan": "31502374627ba9ec3e710dbd0bb00457cc6d2c19", "status": "affected", "versionType": "git"}, {"version": "387ba26fb1cb9be9e35dc14a6d97188e916eda05", "lessThan": "8ce41b0f9d77cca074df25afd39b86e2ee3aa68e", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["mm/page_alloc.c"], "versions": [{"version": "5.13", "status": "affected"}, {"version": "0", "lessThan": "5.13", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.174", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.119", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.63", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.11.10", "lessThanOrEqual": "6.11.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.13", "versionEndExcluding": "5.15.174"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.13", "versionEndExcluding": "6.1.119"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.13", "versionEndExcluding": "6.6.63"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.13", "versionEndExcluding": "6.11.10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.13", "versionEndExcluding": "6.12"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/903d896448c2e50e8652aaba529a30d4d1eaa0e5"}, {"url": "https://git.kernel.org/stable/c/6addb2d9501ec866d7b3a3b4e665307c437e9be2"}, {"url": "https://git.kernel.org/stable/c/d0f16cec79774c3132df006cf771eddd89d08f58"}, {"url": "https://git.kernel.org/stable/c/31502374627ba9ec3e710dbd0bb00457cc6d2c19"}, {"url": "https://git.kernel.org/stable/c/8ce41b0f9d77cca074df25afd39b86e2ee3aa68e"}], "title": "mm: fix NULL pointer dereference in alloc_pages_bulk_noprof", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1DC3D09C-354A-4F4D-9A89-E62897E5187A", "versionEndExcluding": "6.1.119", "versionStartIncluding": "5.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8800BB45-48BC-4B52-BDA5-B1E4633F42E5", "versionEndExcluding": "6.6.63", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C256F46A-AFDD-4B99-AA4F-67D9D9D2C55A", "versionEndExcluding": "6.11.10", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*", "matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*", "matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*", "matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*", "matchCriteriaId": "E0F717D8-3014-4F84-8086-0124B2111379", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*", "matchCriteriaId": "24DBE6C7-2AAE-4818-AED2-E131F153D2FA", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc6:*:*:*:*:*:*", "matchCriteriaId": "24B88717-53F5-42AA-9B72-14C707639E3F", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc7:*:*:*:*:*:*", "matchCriteriaId": "1EF8CD82-1EAE-4254-9545-F85AB94CF90F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: fix NULL pointer dereference in alloc_pages_bulk_noprof\n\nWe triggered a NULL pointer dereference for ac.preferred_zoneref->zone in\nalloc_pages_bulk_noprof() when the task is migrated between cpusets.\n\nWhen cpuset is enabled, in prepare_alloc_pages(), ac->nodemask may be\n&current->mems_allowed. when first_zones_zonelist() is called to find\npreferred_zoneref, the ac->nodemask may be modified concurrently if the\ntask is migrated between different cpusets. Assuming we have 2 NUMA Node,\nwhen traversing Node1 in ac->zonelist, the nodemask is 2, and when\ntraversing Node2 in ac->zonelist, the nodemask is 1. As a result, the\nac->preferred_zoneref points to NULL zone.\n\nIn alloc_pages_bulk_noprof(), for_each_zone_zonelist_nodemask() finds a\nallowable zone and calls zonelist_node_idx(ac.preferred_zoneref), leading\nto NULL pointer dereference.\n\n__alloc_pages_noprof() fixes this issue by checking NULL pointer in commit\nea57485af8f4 (\"mm, page_alloc: fix check for NULL preferred_zone\") and\ncommit df76cee6bbeb (\"mm, page_alloc: remove redundant checks from alloc\nfastpath\").\n\nTo fix it, check NULL pointer for preferred_zoneref->zone."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mm: corregir la desreferencia de puntero NULL en alloc_pages_bulk_noprof Activamos una desreferencia de puntero NULL para ac.preferred_zoneref->zone en alloc_pages_bulk_noprof() cuando la tarea se migra entre conjuntos de CPU. Cuando se habilita el conjunto de CPU, en prepare_alloc_pages(), ac->nodemask puede ser &current->mems_allowed. Cuando se llama a first_zones_zonelist() para encontrar preference_zoneref, ac->nodemask puede modificarse simult\u00e1neamente si la tarea se migra entre diferentes conjuntos de CPU. Suponiendo que tenemos 2 nodos NUMA, al recorrer el nodo 1 en ac->zonelist, la m\u00e1scara de nodo es 2, y al recorrer el nodo 2 en ac->zonelist, la m\u00e1scara de nodo es 1. Como resultado, ac->preferred_zoneref apunta a la zona NULL. En alloc_pages_bulk_noprof(), for_each_zone_zonelist_nodemask() encuentra una zona permitida y llama a zonelist_node_idx(ac.preferred_zoneref), lo que genera una desreferencia del puntero NULL. __alloc_pages_noprof() corrige este problema al verificar el puntero NULL en el commit ea57485af8f4 (\"mm, page_alloc: corregir la verificaci\u00f3n para la zona preferida NULL\") y el commit df76cee6bbeb (\"mm, page_alloc: eliminar las verificaciones redundantes de la ruta r\u00e1pida de asignaci\u00f3n\"). Para solucionarlo, verifique el puntero NULL para la zona preferida->zone."}], "id": "CVE-2024-53113", "lastModified": "2024-12-14T21:15:35.550", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-12-02T14:15:12.097", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/31502374627ba9ec3e710dbd0bb00457cc6d2c19"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6addb2d9501ec866d7b3a3b4e665307c437e9be2"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8ce41b0f9d77cca074df25afd39b86e2ee3aa68e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/903d896448c2e50e8652aaba529a30d4d1eaa0e5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d0f16cec79774c3132df006cf771eddd89d08f58"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2025:2627", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.31.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-03-11T00:00:00Z"}, {"advisory": "RHSA-2025:2627", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.31.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-03-11T00:00:00Z"}, {"advisory": "RHSA-2025:1253", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "kernel-0:5.14.0-70.124.1.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2025-02-10T00:00:00Z"}, {"advisory": "RHSA-2025:1254", "cpe": "cpe:/a:redhat:rhel_e4s:9.0::nfv", "package": "kernel-rt-0:5.14.0-70.124.1.rt21.196.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2025-02-10T00:00:00Z"}, {"advisory": "RHSA-2025:1268", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "kernel-0:5.14.0-284.103.1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2025-02-11T00:00:00Z"}, {"advisory": "RHSA-2025:1269", "cpe": "cpe:/a:redhat:rhel_eus:9.2::nfv", "package": "kernel-rt-0:5.14.0-284.103.1.rt14.388.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2025-02-11T00:00:00Z"}, {"advisory": "RHSA-2025:1658", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "kernel-0:5.14.0-427.55.1.el9_4", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2025-02-19T00:00:00Z"}], "bugzilla": {"description": "kernel: mm: fix NULL pointer dereference in alloc_pages_bulk_noprof", "id": "2329924", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2329924"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-476", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nmm: fix NULL pointer dereference in alloc_pages_bulk_noprof\nWe triggered a NULL pointer dereference for ac.preferred_zoneref->zone in\nalloc_pages_bulk_noprof() when the task is migrated between cpusets.\nWhen cpuset is enabled, in prepare_alloc_pages(), ac->nodemask may be\n&current->mems_allowed. when first_zones_zonelist() is called to find\npreferred_zoneref, the ac->nodemask may be modified concurrently if the\ntask is migrated between different cpusets. Assuming we have 2 NUMA Node,\nwhen traversing Node1 in ac->zonelist, the nodemask is 2, and when\ntraversing Node2 in ac->zonelist, the nodemask is 1. As a result, the\nac->preferred_zoneref points to NULL zone.\nIn alloc_pages_bulk_noprof(), for_each_zone_zonelist_nodemask() finds a\nallowable zone and calls zonelist_node_idx(ac.preferred_zoneref), leading\nto NULL pointer dereference.\n__alloc_pages_noprof() fixes this issue by checking NULL pointer in commit\nea57485af8f4 (\"mm, page_alloc: fix check for NULL preferred_zone\") and\ncommit df76cee6bbeb (\"mm, page_alloc: remove redundant checks from alloc\nfastpath\").\nTo fix it, check NULL pointer for preferred_zoneref->zone."], "name": "CVE-2024-53113", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-12-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-53113\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-53113\nhttps://lore.kernel.org/linux-cve-announce/2024120249-CVE-2024-53113-57df@gregkh/T"], "statement": "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-476: NULL Pointer Dereference vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\nThe platform incorporates secure engineering principles and controls to enforce secure coding practices, including proper memory handling and error checking, reducing the likelihood of null pointer dereference vulnerabilities. Coding standards, tools, and processes support early detection and prevention of memory-related flaws. Static code analysis identifies null dereference and related issues during development, while system monitoring detects memory errors and anomalous behavior in the event of exploitation. Additionally, the platform leverages memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) to strengthen resilience against memory-related vulnerabilities.", "threat_severity": "Moderate"}