CVE-2024-57881: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-57881 affects the Linux kernel's memory management subsystem, specifically in the page allocation functionality. The vulnerability was discovered in December 2024 and involves a potential NULL pointer dereference in the splitlargebuddy() function when calling pfntopage() on possibly non-existent Page Frame Numbers (PFNs). This issue affects Linux kernel versions from 6.10 up to (excluding) 6.12.7, and release candidates 6.13-rc1 through 6.13-rc3 (NVD).

The vulnerability occurs in the splitlargebuddy() function where pfntopage() might be called on a PFN that doesn't exist. In specific corner cases, such as when freeing the highest pageblock in the last memory section with CONFIGSPARSEMEM && !CONFIGSPARSEMEMEXTREME configurations, this results in _pfntosection() returning NULL and _sectionmemmapaddr() dereferencing that NULL pointer. The CVSS v3.1 base score is 5.5 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD, Kernel Patch).

The vulnerability can lead to system instability through NULL pointer dereference, potentially causing kernel crashes. The impact is primarily on system availability, with no direct impact on confidentiality or integrity. The CVSS scoring indicates high impact on availability but requires local access and low privileges to exploit (NVD).

A fix has been developed and committed to the Linux kernel that modifies the splitlargebuddy() function to avoid calling pfntopage() for the first iteration where the page is already available. The patch has been merged into the mainline kernel and is being backported to affected stable versions. Users should update to Linux kernel version 6.12.7 or later to address this vulnerability (Kernel Patch).