{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-40948", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-12T12:17:45.591Z", "datePublished": "2024-07-12T12:31:53.478Z", "dateUpdated": "2026-05-11T20:22:55.621Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T20:22:55.621Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/page_table_check: fix crash on ZONE_DEVICE\n\nNot all pages may apply to pgtable check. One example is ZONE_DEVICE\npages: they map PFNs directly, and they don't allocate page_ext at all\neven if there's struct page around. One may reference\ndevm_memremap_pages().\n\nWhen both ZONE_DEVICE and page-table-check enabled, then try to map some\ndax memories, one can trigger kernel bug constantly now when the kernel\nwas trying to inject some pfn maps on the dax device:\n\n kernel BUG at mm/page_table_check.c:55!\n\nWhile it's pretty legal to use set_pxx_at() for ZONE_DEVICE pages for page\nfault resolutions, skip all the checks if page_ext doesn't even exist in\npgtable checker, which applies to ZONE_DEVICE but maybe more."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["mm/page_table_check.c"], "versions": [{"version": "df4e817b710809425d899340dbfa8504a3ca4ba5", "lessThan": "51897f99351fff7b57f4f141940fa93b4e90fd2b", "status": "affected", "versionType": "git"}, {"version": "df4e817b710809425d899340dbfa8504a3ca4ba5", "lessThan": "84d3549d54f5ff9fa3281257be3019386f51d1a0", "status": "affected", "versionType": "git"}, {"version": "df4e817b710809425d899340dbfa8504a3ca4ba5", "lessThan": "dec2382247860d2134c8d41e103e26460c099629", "status": "affected", "versionType": "git"}, {"version": "df4e817b710809425d899340dbfa8504a3ca4ba5", "lessThan": "8bb592c2eca8fd2bc06db7d80b38da18da4a2f43", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["mm/page_table_check.c"], "versions": [{"version": "5.17", "status": "affected"}, {"version": "0", "lessThan": "5.17", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.96", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.36", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9.7", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.17", "versionEndExcluding": "6.1.96"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.17", "versionEndExcluding": "6.6.36"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.17", "versionEndExcluding": "6.9.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.17", "versionEndExcluding": "6.10"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/51897f99351fff7b57f4f141940fa93b4e90fd2b"}, {"url": "https://git.kernel.org/stable/c/84d3549d54f5ff9fa3281257be3019386f51d1a0"}, {"url": "https://git.kernel.org/stable/c/dec2382247860d2134c8d41e103e26460c099629"}, {"url": "https://git.kernel.org/stable/c/8bb592c2eca8fd2bc06db7d80b38da18da4a2f43"}], "title": "mm/page_table_check: fix crash on ZONE_DEVICE", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/51897f99351fff7b57f4f141940fa93b4e90fd2b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/84d3549d54f5ff9fa3281257be3019386f51d1a0", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/dec2382247860d2134c8d41e103e26460c099629", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/8bb592c2eca8fd2bc06db7d80b38da18da4a2f43", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T21:58:15.639Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-40948", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:04:08.155956Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:25.080Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/51897f99351fff7b57f4f141940fa93b4e90fd2b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/84d3549d54f5ff9fa3281257be3019386f51d1a0", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/dec2382247860d2134c8d41e103e26460c099629", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/8bb592c2eca8fd2bc06db7d80b38da18da4a2f43", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:39:55.324Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-40948", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:04:08.155956Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:22.516Z"}}], "cna": {"title": "mm/page_table_check: fix crash on ZONE_DEVICE", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "df4e817b710809425d899340dbfa8504a3ca4ba5", "lessThan": "51897f99351fff7b57f4f141940fa93b4e90fd2b", "versionType": "git"}, {"status": "affected", "version": "df4e817b710809425d899340dbfa8504a3ca4ba5", "lessThan": "84d3549d54f5ff9fa3281257be3019386f51d1a0", "versionType": "git"}, {"status": "affected", "version": "df4e817b710809425d899340dbfa8504a3ca4ba5", "lessThan": "dec2382247860d2134c8d41e103e26460c099629", "versionType": "git"}, {"status": "affected", "version": "df4e817b710809425d899340dbfa8504a3ca4ba5", "lessThan": "8bb592c2eca8fd2bc06db7d80b38da18da4a2f43", "versionType": "git"}], "programFiles": ["mm/page_table_check.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.17"}, {"status": "unaffected", "version": "0", "lessThan": "5.17", "versionType": "semver"}, {"status": "unaffected", "version": "6.1.96", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.36", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.9.7", "versionType": "semver", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["mm/page_table_check.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/51897f99351fff7b57f4f141940fa93b4e90fd2b"}, {"url": "https://git.kernel.org/stable/c/84d3549d54f5ff9fa3281257be3019386f51d1a0"}, {"url": "https://git.kernel.org/stable/c/dec2382247860d2134c8d41e103e26460c099629"}, {"url": "https://git.kernel.org/stable/c/8bb592c2eca8fd2bc06db7d80b38da18da4a2f43"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/page_table_check: fix crash on ZONE_DEVICE\n\nNot all pages may apply to pgtable check. One example is ZONE_DEVICE\npages: they map PFNs directly, and they don't allocate page_ext at all\neven if there's struct page around. One may reference\ndevm_memremap_pages().\n\nWhen both ZONE_DEVICE and page-table-check enabled, then try to map some\ndax memories, one can trigger kernel bug constantly now when the kernel\nwas trying to inject some pfn maps on the dax device:\n\n kernel BUG at mm/page_table_check.c:55!\n\nWhile it's pretty legal to use set_pxx_at() for ZONE_DEVICE pages for page\nfault resolutions, skip all the checks if page_ext doesn't even exist in\npgtable checker, which applies to ZONE_DEVICE but maybe more."}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.1.96", "versionStartIncluding": "5.17"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.6.36", "versionStartIncluding": "5.17"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.9.7", "versionStartIncluding": "5.17"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.10", "versionStartIncluding": "5.17"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:18:34.368Z"}}}, "cveMetadata": {"cveId": "CVE-2024-40948", "state": "PUBLISHED", "dateUpdated": "2025-05-04T09:18:34.368Z", "dateReserved": "2024-07-12T12:17:45.591Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-07-12T12:31:53.478Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4D981EF2-39C3-4EA4-A011-B805576488D6", "versionEndExcluding": "6.1.96", "versionStartIncluding": "5.17", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E1046C95-860A-45B0-B718-2B29F65BFF10", "versionEndExcluding": "6.6.36", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0A047AF2-94AC-4A3A-B32D-6AB930D8EF1C", "versionEndExcluding": "6.9.7", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*", "matchCriteriaId": "2EBB4392-5FA6-4DA9-9772-8F9C750109FA", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*", "matchCriteriaId": "331C2F14-12C7-45D5-893D-8C52EE38EA10", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:*", "matchCriteriaId": "3173713D-909A-4DD3-9DD4-1E171EB057EE", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc4:*:*:*:*:*:*", "matchCriteriaId": "79F18AFA-40F7-43F0-BA30-7BDB65F918B9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/page_table_check: fix crash on ZONE_DEVICE\n\nNot all pages may apply to pgtable check. One example is ZONE_DEVICE\npages: they map PFNs directly, and they don't allocate page_ext at all\neven if there's struct page around. One may reference\ndevm_memremap_pages().\n\nWhen both ZONE_DEVICE and page-table-check enabled, then try to map some\ndax memories, one can trigger kernel bug constantly now when the kernel\nwas trying to inject some pfn maps on the dax device:\n\n kernel BUG at mm/page_table_check.c:55!\n\nWhile it's pretty legal to use set_pxx_at() for ZONE_DEVICE pages for page\nfault resolutions, skip all the checks if page_ext doesn't even exist in\npgtable checker, which applies to ZONE_DEVICE but maybe more."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mm/page_table_check: corrige el fallo en ZONE_DEVICE Es posible que no todas las p\u00e1ginas se apliquen a la verificaci\u00f3n de pgtable. Un ejemplo son las p\u00e1ginas ZONE_DEVICE: asignan PFN directamente y no asignan page_ext en absoluto, incluso si hay una p\u00e1gina de estructura alrededor. Se puede hacer referencia a devm_memremap_pages(). Cuando tanto ZONE_DEVICE como page-table-check est\u00e1n habilitados, intente asignar algunas memorias dax, uno puede desencadenar un error del kernel constantemente ahora cuando el kernel intenta inyectar algunos mapas pfn en el dispositivo dax: ERROR del kernel en mm/page_table_check.c: 55! Si bien es bastante legal usar set_pxx_at() para p\u00e1ginas ZONE_DEVICE para resoluci\u00f3n de fallas de p\u00e1gina, omita todas las comprobaciones si page_ext ni siquiera existe en pgtable checker, lo que se aplica a ZONE_DEVICE pero tal vez m\u00e1s."}], "id": "CVE-2024-40948", "lastModified": "2025-11-03T22:17:16.877", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-12T13:15:17.187", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/51897f99351fff7b57f4f141940fa93b4e90fd2b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/84d3549d54f5ff9fa3281257be3019386f51d1a0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8bb592c2eca8fd2bc06db7d80b38da18da4a2f43"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/dec2382247860d2134c8d41e103e26460c099629"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/51897f99351fff7b57f4f141940fa93b4e90fd2b"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/84d3549d54f5ff9fa3281257be3019386f51d1a0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8bb592c2eca8fd2bc06db7d80b38da18da4a2f43"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/dec2382247860d2134c8d41e103e26460c099629"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:9315", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:9315", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}], "bugzilla": {"description": "kernel: mm/page_table_check: fix crash on ZONE_DEVICE", "id": "2297532", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297532"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-99", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nmm/page_table_check: fix crash on ZONE_DEVICE\nNot all pages may apply to pgtable check. One example is ZONE_DEVICE\npages: they map PFNs directly, and they don't allocate page_ext at all\neven if there's struct page around. One may reference\ndevm_memremap_pages().\nWhen both ZONE_DEVICE and page-table-check enabled, then try to map some\ndax memories, one can trigger kernel bug constantly now when the kernel\nwas trying to inject some pfn maps on the dax device:\nkernel BUG at mm/page_table_check.c:55!\nWhile it's pretty legal to use set_pxx_at() for ZONE_DEVICE pages for page\nfault resolutions, skip all the checks if page_ext doesn't even exist in\npgtable checker, which applies to ZONE_DEVICE but maybe more."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-40948", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-40948\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-40948\nhttps://lore.kernel.org/linux-cve-announce/2024071222-CVE-2024-40948-e1a6@gregkh/T"], "threat_severity": "Moderate"}

{}