Cyber Resilience

CVE-2024-52319

High

Published: 11 January 2025

Modified: 23 September 2025
KEV Added
Patch
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0001 (2.7th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-52319 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in the Linux kernel. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 2.7th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-52319 is a vulnerability in the Linux kernel's memory management subsystem, specifically affecting the handling of huge pages in hugetlb_no_page(). The issue arises when hugetlb_no_page() passes a fault address that may not be aligned to the huge page size to folio_zero_user(), which in turn can invoke clear_gigantic_page(). This function expects a huge page size-aligned address, and passing an unaligned one can lead to memory corruption or information leakage. The vulnerability is classified under CWE-787 (Out-of-bounds Write) with a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

A local attacker with low privileges (PR:L) can exploit this vulnerability without user interaction. By triggering a page fault in a context involving gigantic huge pages, the attacker can cause clear_gigantic_page() to operate on an unaligned address, potentially resulting in arbitrary memory corruption or leakage of sensitive kernel memory contents. The high impact scores across confidentiality, integrity, and availability indicate severe consequences, such as kernel crashes, privilege escalation, or exposure of other processes' data.

The provided references point to kernel patch commits that resolve the issue by ensuring an aligned address is used in clear_gigantic_page() and renaming the parameter from 'addr' to 'addr_hint' for clarity. Security practitioners should apply these patches from the stable kernel branches (e.g., commits 8aca2bc96c833ba695ede7a45ad7784c836a262e and b79b6fe0737f233f0be1465052b7f0e75f324735) to mitigate the vulnerability in affected Linux distributions.
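The alignment problem described above can be seen in a small user-space model. This is an added example, not the kernel's code and not taken from the referenced commits: the function names, the 4 KiB base page, the 1 GiB gigantic page, the sample fault address and the assumption that the clearing loop pairs subpage i with base + i * page size are all constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed parameters: 4 KiB base pages, one 1 GiB gigantic page. */
#define BASE_PAGE UINT64_C(4096)
#define GIGANTIC  (UINT64_C(1) << 30)

/* Round down to a power-of-two boundary (what the fix does to addr_hint). */
static uint64_t align_down(uint64_t addr, uint64_t size)
{
    return addr & ~(size - 1);
}

/* Model of the clearing loop: subpage i is paired with base + i * BASE_PAGE.
 * Returns how many of those addresses lie outside the huge page's own
 * mapping [map_start, map_start + GIGANTIC). No memory is touched. */
static uint64_t addrs_outside_mapping(uint64_t base, uint64_t map_start)
{
    uint64_t outside = 0;
    for (uint64_t i = 0; i < GIGANTIC / BASE_PAGE; i++) {
        uint64_t a = base + i * BASE_PAGE;
        if (a < map_start || a >= map_start + GIGANTIC)
            outside++;
    }
    return outside;
}

/* Before the fix: the raw fault address is used as the loop base. */
static uint64_t model_unpatched(uint64_t fault_addr)
{
    return addrs_outside_mapping(fault_addr, align_down(fault_addr, GIGANTIC));
}

/* After the fix: the hint is aligned down before the loop starts. */
static uint64_t model_patched(uint64_t addr_hint)
{
    uint64_t addr = align_down(addr_hint, GIGANTIC);
    return addrs_outside_mapping(addr, addr);
}

int main(void)
{
    uint64_t fault = UINT64_C(0x7f0052345000); /* constructed fault address */
    printf("unpatched: %llu addresses outside the mapping\n",
           (unsigned long long)model_unpatched(fault));
    printf("patched:   %llu addresses outside the mapping\n",
           (unsigned long long)model_patched(fault));
    return 0;
}
```

A fault that lands further into the huge page pushes more of the per-subpage addresses past the end of the mapping; aligning the hint down first removes the dependence on where the fault occurred.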

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved:

mm: use aligned address in clear_gigantic_page()

In current kernel, hugetlb_no_page() calls folio_zero_user() with the fault address, where the fault address may not be aligned with the huge page size. Then, folio_zero_user() may call clear_gigantic_page() with the address, while clear_gigantic_page() requires the address to be huge page size aligned. So, this may cause memory corruption or information leak. Additionally, use more obvious naming 'addr_hint' instead of 'addr' for clear_gigantic_page().

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local kernel memory corruption vulnerability directly enables exploitation for privilege escalation via page fault handling in hugetlb.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-71137 · Same product: Linux Linux Kernel
CVE-2026-31772 · Same product: Linux Linux Kernel
CVE-2026-23378 · Same product: Linux Linux Kernel
CVE-2026-31494 · Same product: Linux Linux Kernel
CVE-2025-21735 · Same product: Linux Linux Kernel
CVE-2025-21650 · Same product: Linux Linux Kernel
CVE-2024-58003 · Same product: Linux Linux Kernel
CVE-2026-23343 · Same product: Linux Linux Kernel
CVE-2026-23092 · Same product: Linux Linux Kernel
CVE-2026-43500 · Same product: Linux Linux Kernel

Affected Assets

linux
linux kernel
6.13 · 6.11 — 6.12.7

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

Prevent: SI-2 mandates timely remediation of identified flaws, directly addressing CVE-2024-52319 by applying Linux kernel patches to fix unaligned address handling in clear_gigantic_page().

Detect: RA-5 requires periodic vulnerability scanning to identify systems affected by kernel vulnerabilities like CVE-2024-52319, enabling prompt patching.

Prevent: SI-16 enforces memory protections such as kernel address randomization and supervisor protections that mitigate exploitation of memory corruption in huge page handling.
