{"vulnerability": "CVE-2024-57945", "sightings": [{"uuid": "93f9f41f-5be5-4071-983e-c6e204b43d26", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-57945", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgawqq3hpg2h", "content": "", "creation_timestamp": "2025-01-21T13:15:57.213982Z"}, {"uuid": "e2e8d1b6-6e16-489e-9344-c7b3313d40f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-57945", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113866401056935021", "content": "", "creation_timestamp": "2025-01-21T12:43:15.722153Z"}, {"uuid": "ee1dce75-2f8f-4782-823c-1130f31270f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-57945", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgay2sunrx2g", "content": "", "creation_timestamp": "2025-01-21T13:39:30.207723Z"}, {"uuid": "40335960-f288-4124-94cf-644fc03fd55f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2024-57945", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "ea688d21-5f77-42eb-81b5-b52aca816278", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-57945", "type": "seen", "source": "https://t.me/cvedetector/15937", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-57945 - \"Riscv Linux Kernel Out-of-Bounds Memory Access Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-57945 \nPublished : Jan. 21, 2025, 1:15 p.m. | 42\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nriscv: mm: Fix the out of bound issue of vmemmap address  \n  \nIn sparse vmemmap model, the virtual address of vmemmap is calculated as:  \n((struct page *)VMEMMAP_START - (phys_ram_base >> PAGE_SHIFT)).  \nAnd the struct page's va can be calculated with an offset:  \n(vmemmap + (pfn)).  \n  \nHowever, when initializing struct pages, kernel actually starts from the  \nfirst page from the same section that phys_ram_base belongs to. If the  \nfirst page's physical address is not (phys_ram_base >> PAGE_SHIFT), then  \nwe get an va below VMEMMAP_START when calculating va for it's struct page.  \n  \nFor example, if phys_ram_base starts from 0x82000000 with pfn 0x82000, the  \nfirst page in the same section is actually pfn 0x80000. During  \ninit_unavailable_range(), we will initialize struct page for pfn 0x80000  \nwith virtual address ((struct page *)VMEMMAP_START - 0x2000), which is  \nbelow VMEMMAP_START as well as PCI_IO_END.  \n  \nThis commit fixes this bug by introducing a new variable  \n'vmemmap_start_pfn' which is aligned with memory section size and using  \nit to calculate vmemmap address instead of phys_ram_base. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-21T15:17:16.000000Z"}]}