CVE-2024-45022: mm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0
In the Linux kernel, the following vulnerability has been resolved:
mm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0
The __vmap_pages_range_noflush() assumes its argument pages** contains
pages with the same page shift. However, since commit e9c3cda4d86e ("mm,
vmalloc: fix high order __GFP_NOFAIL allocations"), if gfp_flags includes
__GFP_NOFAIL with high order in vm_area_alloc_pages() and page allocation
failed for high order, the pages** may contain two different page shifts
(high order and order-0). This could lead __vmap_pages_range_noflush() to
perform incorrect mappings, potentially resulting in memory corruption.
Users might encounter this as follows (vmap_allow_huge = true, 2M is for
PMD_SIZE):
kvmalloc(2M, __GFP_NOFAIL|GFP_X)
__vmalloc_node_range_noprof(vm_flags=VM_ALLOW_HUGE_VMAP)
vm_area_alloc_pages(order=9) ---> order-9 allocation failed and fallback to order-0
vmap_pages_range()
vmap_pages_range_noflush()
__vmap_pages_range_noflush(page_shift = 21) ----> wrong mapping happens
We can remove the fallback code because if a high-order allocation fails,
__vmalloc_node_range_noprof() will retry with order-0. Therefore, it is
unnecessary to fallback to order-0 here. Therefore, fix this by removing
the fallback code.
Security readout for executives and security teams
Plain-English summary
CVE-2024-45022 is a Linux kernel memory-mapping flaw in vmalloc handling. Under specific high-order allocation fallback conditions, the kernel may map pages incorrectly and corrupt memory. The sources do not provide CVSS, CWE, or active exploitation evidence, so urgency depends on exposed Linux kernel versions and vendor patch availability.
Executive priority
Treat this as a kernel patch-management item with moderate priority. It can cause memory corruption, but the provided evidence does not show active exploitation or broad remote attackability. Prioritize internet-facing, multi-tenant, and high-availability Linux fleets after confirming vendor exposure.
Technical view
The bug occurs when vm_area_alloc_pages() falls back from high-order pages to order-0 while __vmap_pages_range_noflush() assumes a uniform page shift. This mismatch can produce incorrect mappings and memory corruption. The kernel fix removes the unnecessary fallback path because the caller retries with order-0.
Likely exposure
Exposure is limited to Linux systems running affected kernel versions or vendor kernels that include the vulnerable vmalloc fallback behavior. The bundle lists Linux as affected and references stable kernel fixes plus a Debian LTS announcement. Confirm exposure through exact kernel package and backport status, not version strings alone.
Exploitation context
No provided source reports exploitation in the wild, and the KEV flag is false. The described trigger requires a specific kernel allocation path involving high-order __GFP_NOFAIL vmalloc behavior. Public sources here describe the defect and fix, not attacker use or a weaponized exploit.
Researcher notes
Focus analysis on vmalloc users that can request high-order allocations with __GFP_NOFAIL and VM_ALLOW_HUGE_VMAP. The source bundle does not establish exploitability boundaries, privilege requirements, or affected distro package ranges beyond referenced stable fixes and Debian LTS guidance.
Mitigation direction
Update to a vendor kernel containing the referenced stable fixes.
For Debian LTS systems, review and apply the Debian advisory packages.
Track Linux distribution advisories for backported fixes.
Avoid relying on upstream version numbers without package backport verification.
If no vendor update exists, request vendor guidance for interim risk handling.
Validation and detection
Inventory Linux kernel versions and distribution package release levels.
Check whether the relevant stable fix commits are included or backported.
Compare Debian systems against the cited Debian LTS announcement.
Confirm affected hosts rebooted into the updated kernel.
Document any unsupported kernels that cannot receive vendor fixes.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2024-45022 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.