Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog Latest Updates Security News
Sign In Sign Up

CVE-2024-35993

UNKNOWN
Published 2024-05-20T09:47:57.739Z
Actions:
No CVSS data available

Description

In the Linux kernel, the following vulnerability has been resolved:

mm: turn folio_test_hugetlb into a PageType

The current folio_test_hugetlb() can be fooled by a concurrent folio split
into returning true for a folio which has never belonged to hugetlbfs.
This can't happen if the caller holds a refcount on it, but we have a few
places (memory-failure, compaction, procfs) which do not and should not
take a speculative reference.

Since hugetlb pages do not use individual page mapcounts (they are always
fully mapped and use the entire_mapcount field to record the number of
mappings), the PageType field is available now that page_mapcount()
ignores the value in this field.

In compaction and with CONFIG_DEBUG_VM enabled, the current implementation
can result in an oops, as reported by Luis. This happens since 9c5ccf2db04b
("mm: remove HUGETLB_PAGE_DTOR") effectively added some VM_BUG_ON() checks
in the PageHuge() testing path.

[[email protected]: update vmcoreinfo]

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Linux

Linux

Affected Versions:

9c5ccf2db04b8d7c3df363fdd4856c2b79ab2c6a 9c5ccf2db04b8d7c3df363fdd4856c2b79ab2c6a 9c5ccf2db04b8d7c3df363fdd4856c2b79ab2c6a
Linux

Linux

Affected Versions:

6.6 0 6.6.30 6.8.9 6.9

References

https://git.kernel.org/stable/c/2431b5f2650dfc47ce782d1ca7b02d6b3916976f
https://git.kernel.org/stable/c/9fdcc5b6359dfdaa52a55033bf50e2cedd66eb32
https://git.kernel.org/stable/c/d99e3140a4d33e26066183ff727d8f02f56bec64
Published: 2024-05-20T09:47:57.739Z
Last Modified: 2025-05-04T09:10:06.359Z
Copied to clipboard!