CVE-2024-51729

CVE-2024-51729 is a vulnerability in the Linux kernel's memory management subsystem, specifically affecting the handling of gigantic pages in the `copy_user_gigantic_page()` function. The issue arises when `hugetlb_wp()` passes an unaligned fault address to `copy_user_large_folio()`, which in turn calls `copy_user_gigantic_page()` expecting a huge page size-aligned address. This misalignment can lead to memory corruption or information leakage. The vulnerability is classified under CWE-787 (Out-of-bounds Write) with a CVSS v3.1 base score of 7.8.

A local attacker with low privileges (AV:L/AC:L/PR:L/UI:N/S:U) can exploit this vulnerability due to its low attack complexity and lack of user interaction requirements. Successful exploitation enables high-impact confidentiality, integrity, and availability violations (C:H/I:H/A:H), potentially allowing arbitrary memory corruption or leakage of sensitive data through mishandled gigantic page copies.

Mitigation involves applying the relevant patches from the Linux kernel stable trees, as detailed in the commit fixes: cb12d61361ce769672c7c7bd32107252598cdd8b and f5d09de9f1bf9674c6418ff10d0a40cfe29268e1. These updates ensure aligned addresses are used (renaming the parameter to `addr_hint` for clarity) and resolve the unaligned access issue. Security practitioners should update affected kernel versions promptly.