CVE-2024-38543

lib/test_hmm.c: handle src_pfns and dst_pfns allocation failure

Description

In the Linux kernel, the following vulnerability has been resolved: lib/test_hmm.c: handle src_pfns and dst_pfns allocation failure The kcalloc() in dmirror_device_evict_chunk() will return null if the physical memory has run out. As a result, if src_pfns or dst_pfns is dereferenced, the null pointer dereference bug will happen. Moreover, the device is going away. If the kcalloc() fails, the pages mapping a chunk could not be evicted. So add a __GFP_NOFAIL flag in kcalloc(). Finally, as there is no need to have physically contiguous memory, Switch kcalloc() to kvcalloc() in order to avoid failing allocations.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.05%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/1a21fdeea502658e315bd939409b755974f4fb64 patch
https://git.kernel.org/stable/c/65e528a69cb3ed4a286c45b4afba57461c8b5b33 patch
https://git.kernel.org/stable/c/ce47e8ead9a72834cc68431d53f8092ce69bebb7 patch
https://git.kernel.org/stable/c/3b20d18f475bd17309db640dbe7d7c7ebb5bc2bc patch
https://git.kernel.org/stable/c/c2af060d1c18beaec56351cf9c9bcbbc5af341a3 patch

Frequently Asked Questions

What is the severity of CVE-2024-38543?
CVE-2024-38543 has been scored as a medium severity vulnerability.
How to fix CVE-2024-38543?
To fix CVE-2024-38543, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-38543 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-38543 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-38543?
CVE-2024-38543 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.