LiveActive security incident?Get immediate response
CVE Record

CVE-2024-45022: mm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0

In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0 The __vmap_pages_range_noflush() assumes its argument pages** contains pages with the same page shift. However, since commit e9c3cda4d86e ("mm, vmalloc: fix high order __GFP_NOFAIL allocations"), if gfp_flags includes __GFP_NOFAIL with high order in vm_area_alloc_pages() and page allocation failed for high order, the pages** may contain two different page shifts (high order and order-0). This could lead __vmap_pages_range_noflush() to perform incorrect mappings, potentially resulting in memory corruption. Users might encounter this as follows (vmap_allow_huge = true, 2M is for PMD_SIZE): kvmalloc(2M, __GFP_NOFAIL|GFP_X) __vmalloc_node_range_noprof(vm_flags=VM_ALLOW_HUGE_VMAP) vm_area_alloc_pages(order=9) ---> order-9 allocation failed and fallback to order-0 vmap_pages_range() vmap_pages_range_noflush() __vmap_pages_range_noflush(page_shift = 21) ----> wrong mapping happens We can remove the fallback code because if a high-order allocation fails, __vmalloc_node_range_noprof() will retry with order-0. Therefore, it is unnecessary to fallback to order-0 here. Therefore, fix this by removing the fallback code.

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysismoderate

Security readout for executives and security teams

Plain-English summary

CVE-2024-45022 is a Linux kernel memory-mapping flaw in vmalloc handling. Under specific high-order allocation fallback conditions, the kernel may map pages incorrectly and corrupt memory. The sources do not provide CVSS, CWE, or active exploitation evidence, so urgency depends on exposed Linux kernel versions and vendor patch availability.

Executive priority

Treat this as a kernel patch-management item with moderate priority. It can cause memory corruption, but the provided evidence does not show active exploitation or broad remote attackability. Prioritize internet-facing, multi-tenant, and high-availability Linux fleets after confirming vendor exposure.

Technical view

The bug occurs when vm_area_alloc_pages() falls back from high-order pages to order-0 while __vmap_pages_range_noflush() assumes a uniform page shift. This mismatch can produce incorrect mappings and memory corruption. The kernel fix removes the unnecessary fallback path because the caller retries with order-0.

Likely exposure

Exposure is limited to Linux systems running affected kernel versions or vendor kernels that include the vulnerable vmalloc fallback behavior. The bundle lists Linux as affected and references stable kernel fixes plus a Debian LTS announcement. Confirm exposure through exact kernel package and backport status, not version strings alone.

Exploitation context

No provided source reports exploitation in the wild, and the KEV flag is false. The described trigger requires a specific kernel allocation path involving high-order __GFP_NOFAIL vmalloc behavior. Public sources here describe the defect and fix, not attacker use or a weaponized exploit.

Researcher notes

Focus analysis on vmalloc users that can request high-order allocations with __GFP_NOFAIL and VM_ALLOW_HUGE_VMAP. The source bundle does not establish exploitability boundaries, privilege requirements, or affected distro package ranges beyond referenced stable fixes and Debian LTS guidance.

Mitigation direction

  • Update to a vendor kernel containing the referenced stable fixes.
  • For Debian LTS systems, review and apply the Debian advisory packages.
  • Track Linux distribution advisories for backported fixes.
  • Avoid relying on upstream version numbers without package backport verification.
  • If no vendor update exists, request vendor guidance for interim risk handling.

Validation and detection

  • Inventory Linux kernel versions and distribution package release levels.
  • Check whether the relevant stable fix commits are included or backported.
  • Compare Debian systems against the cited Debian LTS announcement.
  • Confirm affected hosts rebooted into the updated kernel.
  • Document any unsupported kernels that cannot receive vendor fixes.
Prepared
Confidence
medium
Sources
7

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2024-45022 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
2ADP providers
6Source links

SSVC decision data

CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: noneAutomatable: noTechnical Impact: partial

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CISA-ADPCISA ADP Vulnrichment
other:ssvc
CVECVE Program Container
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinuxfe5c2bdcb14c8612eb5e7a09159801c7219e9ac4, e9c3cda4d86e56bf7fe403729f38c4f0f65d3860, e9c3cda4d86e56bf7fe403729f38c4f0f65d3860, e9c3cda4d86e56bf7fe403729f38c4f0f65d3860, 6.1.95unaffected
LinuxLinux6.3, 0, 6.1.107, 6.6.48, 6.10.7, 6.11affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.