Описание
[REJECTED CVE] A vulnerability in the Linux kernel's memory management (mm/page_alloc) has been identified, where GFP_ATOMIC order-0 allocations could fail under memory pressure, despite available highatomic reserves. This issue caused packet loss in high-performance networking environments, as observed on Cloudflare's fleet. An attacker could theoretically exploit this by inducing high memory contention, potentially impacting real-time operations. However, since the fix ensures proper fallback behavior without introducing a security risk, the issue has been rejected as a CVE.
Отчет
This CVE has been rejected upstream: https://lore.kernel.org/linux-cve-announce/2024111115-REJECTED-9c6e@gregkh/
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | kernel | Out of support scope | ||
| Red Hat Enterprise Linux 7 | kernel | Out of support scope | ||
| Red Hat Enterprise Linux 7 | kernel-rt | Out of support scope | ||
| Red Hat Enterprise Linux 8 | kernel | Will not fix | ||
| Red Hat Enterprise Linux 8 | kernel-rt | Will not fix | ||
| Red Hat Enterprise Linux 9 | kernel-rt | Will not fix | ||
| Red Hat Enterprise Linux 9 | kernel | Fixed | RHSA-2025:6966 | 13.05.2025 |
| Red Hat Enterprise Linux 9 | kernel | Fixed | RHSA-2025:6966 | 13.05.2025 |
Показывать по
Дополнительная информация
Статус:
5.5 Medium
CVSS3
Связанные уязвимости
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
In the Linux kernel, the following vulnerability has been resolved: mm/page_alloc: let GFP_ATOMIC order-0 allocs access highatomic reserves Under memory pressure it's possible for GFP_ATOMIC order-0 allocations to fail even though free pages are available in the highatomic reserves. GFP_ATOMIC allocations cannot trigger unreserve_highatomic_pageblock() since it's only run from reclaim. Given that such allocations will pass the watermarks in __zone_watermark_unusable_free(), it makes sense to fallback to highatomic reserves the same way that ALLOC_OOM can. This fixes order-0 page allocation failures observed on Cloudflare's fleet when handling network packets: kswapd1: page allocation failure: order:0, mode:0x820(GFP_ATOMIC), nodemask=(null),cpuset=/,mems_allowed=0-7 CPU: 10 PID: 696 Comm: kswapd1 Kdump: loaded Tainted: G O 6.6.43-CUSTOM #1 Hardware name: MACHINE Call Trace: <IRQ> dump_stack_lvl+0x3c/0x50 warn_alloc+0x13a/0x1c0 __alloc_pages_slow...
ELSA-2024-12887: Unbreakable Enterprise kernel security update (IMPORTANT)
5.5 Medium
CVSS3