CVE-2024-39474: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-39474 affects the Linux kernel's memory management subsystem, specifically related to vmalloc functionality. The vulnerability was discovered when a conflict emerged between two commits: a421ef303008 ("mm: allow !GFPKERNEL allocations for kvmalloc") and dd544141b9eb ("vmalloc: back off when the current task is OOM-killed"). This issue could cause vmalloc to return NULL even when called with _GFP_NOFAIL flag, which should never happen (Kernel Patch).

The vulnerability occurs in the vmareaallocpages() function where a process calling _vmallocnoderange with GFPKERNEL | _GFPNOFAIL flags could have its allocation fail if the OOM killer sends a SIGKILL signal to the process. The code would check fatalsignalpending() and break the allocation loop, returning NULL, despite the _GFP_NOFAIL flag indicating that the allocation must not fail. The CVSS v3.1 base score for this vulnerability is 5.5 MEDIUM (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) (NVD).

When exploited, this vulnerability can lead to a kernel panic through NULL pointer dereference, particularly affecting systems using erofs filesystem which assumes kvmalloc with _GFPNOFAIL never returns NULL. This can result in system crashes and denial of service conditions (Kernel Patch).

The issue has been fixed by modifying the vmareaallocpages() function to not check fatalsignalpending() when _GFP_NOFAIL is set. The fix has been incorporated into various Linux kernel versions including 6.1.119-1~deb11u1 for Debian 11 and other distributions (Debian LTS).