CVE-2024-35846

Published: May 17, 2024

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: mm: zswap: fix shrinker NULL crash with cgroup_disable=memory Christian reports a NULL deref in zswap that he bisected down to the zswap shrinker. The issue also cropped up in the bug trackers of libguestfs [1] and the Red Hat bugzilla [2]. The problem is that when memcg is disabled with the boot time flag, the zswap shrinker might get called with sc->memcg == NULL. This is okay in many places, like the lruvec operations. But it crashes in memcg_page_state() - which is only used due to the non-node accounting of cgroup's the zswap memory to begin with. Nhat spotted that the memcg can be NULL in the memcg-disabled case, and I was then able to reproduce the crash locally as well. [1] https://github.com/libguestfs/libguestfs/issues/139 [2] https://bugzilla.redhat.com/show_bug.cgi?id=2275252

Vendor	Product	Versions
Linux	Linux	affected `b5ba474f3f518701249598b35c581b92a3c95b48 - < b0fdabc908a7f81d12382c87ca9e46a9c2e14042` affected `b5ba474f3f518701249598b35c581b92a3c95b48 - < 682886ec69d22363819a83ddddd5d66cb5c791e1`
Linux	Linux	affected `6.8` unaffected `0 - < 6.8` unaffected `6.8.9 - <= 6.8.` unaffected `6.9 - <= `

References

https://git.kernel.org/stable/c/b0fdabc908a7f81d12382c87ca9e46a9c2e14042

https://git.kernel.org/stable/c/682886ec69d22363819a83ddddd5d66cb5c791e1

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-35846

Description

Affected Products

References