How severe is CVE-2024-39477?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2024-39477?

This is classified as CWE-770, which is a common weakness in software security.

CVE-2024-39477 - MEDIUM Severity | CVSS 5.5

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: do not call vma_add_reservation upon ENOMEM sysbot reported a splat [1] on __unmap_hugepage_range(). This is because vma_needs_reservation() can return -ENOMEM if allocate_file_region_entries() fails to allocate the file_region struct for the reservation. Check for that and do not call vma_add_reservation() if that is the case, otherwise region_abort() and region_del() will see that we do not have any file_regions. If we detect that vma_needs_reservation() returned -ENOMEM, we clear the hugetlb_restore_reserve flag as if this reservation was still consumed, so free_huge_folio() will not increment the resv count. [1] https://lore.kernel.org/linux-mm/[email protected]/T/#ma5983bc1ab18a54910da83416b3f89f3c7ee43aa

Related Vulnerabilities

CVE-2017-0771

MEDIUM

CVSS:5.5(Medium)

A denial of service vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-37624243.

CWE-7702017

CVE-2017-12144

MEDIUM

CVSS:5.5(Medium)

In ytnef 1.9.2, an allocation failure was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file.

CWE-7702017

CVE-2017-13716

MEDIUM

CVSS:5.5(Medium)

The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application cra...

CWE-7702017

CVE-2017-14938

MEDIUM

CVSS:5.5(Medium)

_bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive me...

CWE-7702017

CVE-2017-2587

MEDIUM

CVSS:5.5(Medium)

A memory allocation vulnerability was found in netpbm before 10.61. A maliciously crafted SVG file could cause the application to crash.

CWE-7702017

CVE-2017-9039

MEDIUM

CVSS:5.5(Medium)

GNU Binutils 2.28 allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file with many program headers, related to the get_program_headers function in readelf.c.

CWE-7702017