CVE-2024-53105

CVE-2024-53105 is a Linux kernel vulnerability in the memory allocator path. The issue was caused by not clearing the mlocked flag during page freeing, which could lead to a bad page state during free_pages_prepare. The fixed code moves the mlocked flag clearance into free_pages_prepare() within ...

CVE-2024-46847 mm: vmalloc: ensure vmap_block is initialised before adding to queue

In the Linux kernel, the following vulnerability has been resolved: mm: vmalloc: ensure vmapblock is initialised before adding to queue Commit 8c61291fd850 "mm: fix incorrect vbq reference in purgefragmentedblock" extended the 'vmapblock' structure to contain a 'cpu' field which is set at...

CVE-2022-48897 arm64/mm: fix incorrect file_map_count for invalid pmd

In the Linux kernel, the following vulnerability has been resolved: arm64/mm: fix incorrect filemapcount for invalid pmd The page table check trigger BUGON unexpectedly when split hugepage: ------------ cut here ------------ kernel BUG at mm/pagetablecheck.c:119! Internal error: Oops - BUG:...

CVE-2024-42258

In the Linux kernel, the following vulnerability has been resolved: mm: hugememory: use !CONFIG64BIT to relax huge page alignment on 32 bit machines Yves-Alexis Perez reported commit 4ef9ad19e176 "mm: hugememory: don't force huge page alignment on 32 bit" didn't work for x8632 1. It is because...

CVE-2024-42234

In the Linux kernel, the following vulnerability has been resolved: mm: fix crashes from deferred split racing folio migration Even on 6.10-rc6, I've been seeing elusive "Bad page state"s often on flags when freeing, yet the flags shown are not bad: PGlocked had been set and cleared??, and...

CVE-2024-42234 mm: fix crashes from deferred split racing folio migration

In the Linux kernel, the following vulnerability has been resolved: mm: fix crashes from deferred split racing folio migration Even on 6.10-rc6, I've been seeing elusive "Bad page state"s often on flags when freeing, yet the flags shown are not bad: PGlocked had been set and cleared??, and...

CVE-2024-35993

In the Linux kernel, the following vulnerability has been resolved: mm: turn foliotesthugetlb into a PageType The current foliotesthugetlb can be fooled by a concurrent folio split into returning true for a folio which has never belonged to hugetlbfs. This can't happen if the caller holds a...

CVE-2024-35993 mm: turn folio_test_hugetlb into a PageType

In the Linux kernel, the following vulnerability has been resolved: mm: turn foliotesthugetlb into a PageType The current foliotesthugetlb can be fooled by a concurrent folio split into returning true for a folio which has never belonged to hugetlbfs. This can't happen if the caller holds a...