{"id":"CVE-2024-53113","summary":"mm: fix NULL pointer dereference in alloc_pages_bulk_noprof","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nmm: fix NULL pointer dereference in alloc_pages_bulk_noprof\n\nWe triggered a NULL pointer dereference for ac.preferred_zoneref-\u003ezone in\nalloc_pages_bulk_noprof() when the task is migrated between cpusets.\n\nWhen cpuset is enabled, in prepare_alloc_pages(), ac-\u003enodemask may be\n&current-\u003emems_allowed.  when first_zones_zonelist() is called to find\npreferred_zoneref, the ac-\u003enodemask may be modified concurrently if the\ntask is migrated between different cpusets.  Assuming we have 2 NUMA Node,\nwhen traversing Node1 in ac-\u003ezonelist, the nodemask is 2, and when\ntraversing Node2 in ac-\u003ezonelist, the nodemask is 1.  As a result, the\nac-\u003epreferred_zoneref points to NULL zone.\n\nIn alloc_pages_bulk_noprof(), for_each_zone_zonelist_nodemask() finds a\nallowable zone and calls zonelist_node_idx(ac.preferred_zoneref), leading\nto NULL pointer dereference.\n\n__alloc_pages_noprof() fixes this issue by checking NULL pointer in commit\nea57485af8f4 (\"mm, page_alloc: fix check for NULL preferred_zone\") and\ncommit df76cee6bbeb (\"mm, page_alloc: remove redundant checks from alloc\nfastpath\").\n\nTo fix it, check NULL pointer for preferred_zoneref-\u003ezone.","modified":"2026-04-02T12:22:48.508160Z","published":"2024-12-02T13:44:45.419Z","related":["ALSA-2025:2627","MGASA-2024-0392","MGASA-2024-0393","SUSE-SU-2025:0117-1","SUSE-SU-2025:0153-1","SUSE-SU-2025:0154-1","SUSE-SU-2025:0201-1","SUSE-SU-2025:0201-2","SUSE-SU-2025:0229-1","SUSE-SU-2025:0289-1","SUSE-SU-2025:20165-1","SUSE-SU-2025:20166-1","SUSE-SU-2025:20248-1","SUSE-SU-2025:20249-1","USN-7276-1","USN-7277-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/53xxx/CVE-2024-53113.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/31502374627ba9ec3e710dbd0bb00457cc6d2c19"},{"type":"WEB","url":"https://git.kernel.org/stable/c/6addb2d9501ec866d7b3a3b4e665307c437e9be2"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8ce41b0f9d77cca074df25afd39b86e2ee3aa68e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/903d896448c2e50e8652aaba529a30d4d1eaa0e5"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d0f16cec79774c3132df006cf771eddd89d08f58"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/53xxx/CVE-2024-53113.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53113"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"387ba26fb1cb9be9e35dc14a6d97188e916eda05"},{"fixed":"903d896448c2e50e8652aaba529a30d4d1eaa0e5"},{"fixed":"6addb2d9501ec866d7b3a3b4e665307c437e9be2"},{"fixed":"d0f16cec79774c3132df006cf771eddd89d08f58"},{"fixed":"31502374627ba9ec3e710dbd0bb00457cc6d2c19"},{"fixed":"8ce41b0f9d77cca074df25afd39b86e2ee3aa68e"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-53113.json"}}],"schema_version":"1.7.5"}