VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-tpxk-adfg-suba

Essentials
Severities (8)
References (20)
Severity details (5)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-tpxk-adfg-suba
Aliases	CVE-2024-41031
Summary	In the Linux kernel, the following vulnerability has been resolved: mm/filemap: skip to create PMD-sized page cache if needed On ARM64, HPAGE_PMD_ORDER is 13 when the base page size is 64KB. The PMD-sized page cache can't be supported by xarray as the following error messages indicate. ------------[ cut here ]------------ WARNING: CPU: 35 PID: 7484 at lib/xarray.c:1025 xas_split_alloc+0xf8/0x128 Modules linked in: nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib \ nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct \ nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 \ ip_set rfkill nf_tables nfnetlink vfat fat virtio_balloon drm \ fuse xfs libcrc32c crct10dif_ce ghash_ce sha2_ce sha256_arm64 \ sha1_ce virtio_net net_failover virtio_console virtio_blk failover \ dimlib virtio_mmio CPU: 35 PID: 7484 Comm: test Kdump: loaded Tainted: G W 6.10.0-rc5-gavin+ #9 Hardware name: QEMU KVM Virtual Machine, BIOS edk2-20240524-1.el9 05/24/2024 pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : xas_split_alloc+0xf8/0x128 lr : split_huge_page_to_list_to_order+0x1c4/0x720 sp : ffff800087a4f6c0 x29: ffff800087a4f6c0 x28: ffff800087a4f720 x27: 000000001fffffff x26: 0000000000000c40 x25: 000000000000000d x24: ffff00010625b858 x23: ffff800087a4f720 x22: ffffffdfc0780000 x21: 0000000000000000 x20: 0000000000000000 x19: ffffffdfc0780000 x18: 000000001ff40000 x17: 00000000ffffffff x16: 0000018000000000 x15: 51ec004000000000 x14: 0000e00000000000 x13: 0000000000002000 x12: 0000000000000020 x11: 51ec000000000000 x10: 51ece1c0ffff8000 x9 : ffffbeb961a44d28 x8 : 0000000000000003 x7 : ffffffdfc0456420 x6 : ffff0000e1aa6eb8 x5 : 20bf08b4fe778fca x4 : ffffffdfc0456420 x3 : 0000000000000c40 x2 : 000000000000000d x1 : 000000000000000c x0 : 0000000000000000 Call trace: xas_split_alloc+0xf8/0x128 split_huge_page_to_list_to_order+0x1c4/0x720 truncate_inode_partial_folio+0xdc/0x160 truncate_inode_pages_range+0x1b4/0x4a8 truncate_pagecache_range+0x84/0xa0 xfs_flush_unmap_range+0x70/0x90 [xfs] xfs_file_fallocate+0xfc/0x4d8 [xfs] vfs_fallocate+0x124/0x2e8 ksys_fallocate+0x4c/0xa0 __arm64_sys_fallocate+0x24/0x38 invoke_syscall.constprop.0+0x7c/0xd8 do_el0_svc+0xb4/0xd0 el0_svc+0x44/0x1d8 el0t_64_sync_handler+0x134/0x150 el0t_64_sync+0x17c/0x180 Fix it by skipping to allocate PMD-sized page cache when its size is larger than MAX_PAGECACHE_ORDER. For this specific case, we will fall to regular path where the readahead window is determined by BDI's sysfs file (read_ahead_kb).
Status	Published
Exploitability	0.5
Weighted Severity	5.0
Risk	2.5
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-99

Improper Control of Resource Identifiers ('Resource Injection')

System	Score	Found at
cvssv3	5.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41031.json
epss	0.00018	https://api.first.org/data/v1/epss?cve=CVE-2024-41031
epss	0.00018	https://api.first.org/data/v1/epss?cve=CVE-2024-41031
epss	0.00018	https://api.first.org/data/v1/epss?cve=CVE-2024-41031
cvssv3.1	3.3	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
ssvc	Track	https://git.kernel.org/stable/c/06b5a69c27ec405a3c3f2da8520ff1ee70b94a21
ssvc	Track	https://git.kernel.org/stable/c/1ef650d3b1b2a16473981b447f38705fe9b93972
ssvc	Track	https://git.kernel.org/stable/c/3390916aca7af1893ed2ebcdfee1d6fdb65bb058

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41031.json
		https://api.first.org/data/v1/epss?cve=CVE-2024-41031
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
06b5a69c27ec405a3c3f2da8520ff1ee70b94a21		https://git.kernel.org/stable/c/06b5a69c27ec405a3c3f2da8520ff1ee70b94a21
1ef650d3b1b2a16473981b447f38705fe9b93972		https://git.kernel.org/stable/c/1ef650d3b1b2a16473981b447f38705fe9b93972
2300395		https://bugzilla.redhat.com/show_bug.cgi?id=2300395
3390916aca7af1893ed2ebcdfee1d6fdb65bb058		https://git.kernel.org/stable/c/3390916aca7af1893ed2ebcdfee1d6fdb65bb058
RHSA-2024:10771		https://access.redhat.com/errata/RHSA-2024:10771
RHSA-2024:6744		https://access.redhat.com/errata/RHSA-2024:6744
RHSA-2024:6745		https://access.redhat.com/errata/RHSA-2024:6745
USN-7089-1		https://usn.ubuntu.com/7089-1/
USN-7089-2		https://usn.ubuntu.com/7089-2/
USN-7089-3		https://usn.ubuntu.com/7089-3/
USN-7089-4		https://usn.ubuntu.com/7089-4/
USN-7089-5		https://usn.ubuntu.com/7089-5/
USN-7089-6		https://usn.ubuntu.com/7089-6/
USN-7089-7		https://usn.ubuntu.com/7089-7/
USN-7090-1		https://usn.ubuntu.com/7090-1/
USN-7095-1		https://usn.ubuntu.com/7095-1/
USN-7156-1		https://usn.ubuntu.com/7156-1/

No exploits are available.

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41031.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T16:23:47Z/ Found at https://git.kernel.org/stable/c/06b5a69c27ec405a3c3f2da8520ff1ee70b94a21

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T16:23:47Z/ Found at https://git.kernel.org/stable/c/1ef650d3b1b2a16473981b447f38705fe9b93972

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T16:23:47Z/ Found at https://git.kernel.org/stable/c/3390916aca7af1893ed2ebcdfee1d6fdb65bb058

Exploit Prediction Scoring System (EPSS)

Percentile	0.04936
EPSS Score	0.00018
Published At	June 5, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-04T16:51:06.586490+00:00	Debian Importer	Import	https://security-tracker.debian.org/tracker/data/json	38.6.0