CVE-2024-35987

Published: May 20, 2024

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: riscv: Fix loading 64-bit NOMMU kernels past the start of RAM commit 3335068f8721 ("riscv: Use PUD/P4D/PGD pages for the linear mapping") added logic to allow using RAM below the kernel load address. However, this does not work for NOMMU, where PAGE_OFFSET is fixed to the kernel load address. Since that range of memory corresponds to PFNs below ARCH_PFN_OFFSET, mm initialization runs off the beginning of mem_map and corrupts adjacent kernel memory. Fix this by restoring the previous behavior for NOMMU kernels.

Vendor	Product	Versions
Linux	Linux	affected `3335068f87217ea59d08f462187dc856652eea15 - < b008e327fa570aca210f98c817757649bae56694` affected `3335068f87217ea59d08f462187dc856652eea15 - < ea6628e4e2353978af7e3b4ad4fdaab6149acf3d` affected `3335068f87217ea59d08f462187dc856652eea15 - < aea702dde7e9876fb00571a2602f25130847bf0f`
Linux	Linux	affected `6.4` unaffected `0 - < 6.4` unaffected `6.6.30 - <= 6.6.` unaffected `6.8.9 - <= 6.8.` unaffected `6.9 - <= *`

References

https://git.kernel.org/stable/c/b008e327fa570aca210f98c817757649bae56694

https://git.kernel.org/stable/c/ea6628e4e2353978af7e3b4ad4fdaab6149acf3d

https://git.kernel.org/stable/c/aea702dde7e9876fb00571a2602f25130847bf0f

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-35987

Description

Affected Products

References