Vulnerabilities > CVE-2024-44965 - Unspecified vulnerability in Linux Kernel
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
In the Linux kernel, the following vulnerability has been resolved: x86/mm: Fix pti_clone_pgtable() alignment assumption Guenter reported dodgy crashes on an i386-nosmp build using GCC-11 that had the form of endless traps until entry stack exhaust and then #DF from the stack guard. It turned out that pti_clone_pgtable() had alignment assumptions on the start address, notably it hard assumes start is PMD aligned. This is true on x86_64, but very much not true on i386. These assumptions can cause the end condition to malfunction, leading to a 'short' clone. Guess what happens when the user mapping has a short copy of the entry text? Use the correct increment form for addr to avoid alignment assumptions.
Vulnerable Configurations
References
- https://git.kernel.org/stable/c/18da1b27ce16a14a9b636af9232acb4fb24f4c9e
- https://git.kernel.org/stable/c/25a727233a40a9b33370eec9f0cad67d8fd312f8
- https://git.kernel.org/stable/c/d00c9b4bbc442d99e1dafbdfdab848bc1ead73f6
- https://git.kernel.org/stable/c/4d143ae782009b43b4f366402e5c37f59d4e4346
- https://git.kernel.org/stable/c/5c580c1050bcbc15c3e78090859d798dcf8c9763
- https://git.kernel.org/stable/c/ca07aab70dd3b5e7fddb62d7a6ecd7a7d6d0b2ed
- https://git.kernel.org/stable/c/df3eecb5496f87263d171b254ca6e2758ab3c35c
- https://git.kernel.org/stable/c/41e71dbb0e0a0fe214545fe64af031303a08524c