CVE-2021-47491

2024-05-2209:15:10

Debian Security Bug Tracker

security-tracker.debian.org

cve-2021-47491

khugepaged

huge page collapse

special files

unix

6.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.6%

JSON

In the Linux kernel, the following vulnerability has been resolved: mm: khugepaged: skip huge page collapse for special files The read-only THP for filesystems will collapse THP for files opened readonly and mapped with VM_EXEC. The intended usecase is to avoid TLB misses for large text segments. But it doesn’t restrict the file types so a THP could be collapsed for a non-regular file, for example, block device, if it is opened readonly and mapped with EXEC permission. This may cause bugs, like [1] and [2]. This is definitely not the intended usecase, so just collapse THP for regular files in order to close the attack surface. [[email protected]: fix vm_file check [3]]

OSVersionArchitecturePackageVersionFilename
Debian12alllinux< 5.15.3-1linux_5.15.3-1_all.deb
Debian11alllinux< 5.10.84-1linux_5.10.84-1_all.deb
Debian10alllinux< 4.19.249-2linux_4.19.249-2_all.deb
Debian999alllinux< 5.15.3-1linux_5.15.3-1_all.deb
Debian13alllinux< 5.15.3-1linux_5.15.3-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	linux	< 5.15.3-1	linux_5.15.3-1_all.deb
Debian	11	all	linux	< 5.10.84-1	linux_5.10.84-1_all.deb
Debian	10	all	linux	< 4.19.249-2	linux_4.19.249-2_all.deb
Debian	999	all	linux	< 5.15.3-1	linux_5.15.3-1_all.deb
Debian	13	all	linux	< 5.15.3-1	linux_5.15.3-1_all.deb