In the Linux kernel, the following vulnerability has been resolved: mm: khugepaged: skip huge page collapse for special files The read-only THP for filesystems will collapse THP for files opened readonly and mapped with VM_EXEC. The intended usecase is to avoid TLB misses for large text segments. But it doesn’t restrict the file types so a THP could be collapsed for a non-regular file, for example, block device, if it is opened readonly and mapped with EXEC permission. This may cause bugs, like [1] and [2]. This is definitely not the intended usecase, so just collapse THP for regular files in order to close the attack surface. [[email protected]: fix vm_file check [3]]
git.kernel.org/linus/a4aeaa06d45e90f9b279f0b09de84bd00006e733
git.kernel.org/stable/c/5fcb6fce74ffa614d964667110cf1a516c48c6d9
git.kernel.org/stable/c/6d67b2a73b8e3a079c355bab3c1aef7d85a044b8
git.kernel.org/stable/c/a4aeaa06d45e90f9b279f0b09de84bd00006e733
ubuntu.com/security/CVE-2021-47491
www.cve.org/CVERecord?id=CVE-2021-47491