kernel: mm/page_alloc: clear page->private in free_pages_prepare()

A flaw was found in the Linux kernel's memory management subsystem. When pages are freed, the page-private field is not properly cleared. If these pages are later reallocated as high-order pages and split, the tail pages can retain stale page-private values. This can lead to a use-after-free...

CVE-2026-43303

The CVE-2026-43303 issue affects the Linux kernel’s memory management in mm/page_alloc. Subsystems such as slub, shmem, and ttm expose page->private and fail to clear it before freeing pages. If freed pages are later allocated as high-order pages and split, tail pages may retain stale page-&gt...

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: mm/vmscan: Fixed handling of hwpoisoned large folio entries in shrinkfoliolist. In shrinkfoliolist, the hwpoisoned folio might be a large folio, which cannot be handled by unmappoisonedfolio. For THP, trytounmapone must be called...

UBUNTU-CVE-2022-50517

In the Linux kernel, the following vulnerability has been resolved: mm/hugememory: do not clobber swpentryt during THP split The following has been observed when running stressng mmap since commit b653db77350c "mm: Clear page-private when splitting or migrating a page" watchdog: BUG: soft lockup ...

UBUNTU-CVE-2022-48802

In the Linux kernel, the following vulnerability has been resolved: fs/proc: taskmmu.c: don't read mapcount for migration entry The syzbot reported the below BUG: kernel BUG at include/linux/page-flags.h:785! invalid opcode: 0000 1 PREEMPT SMP KASAN CPU: 1 PID: 4392 Comm: syz-executor560 Not...

kernel: the copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check

An issue was discovered in splithugepmd in mm/hugememory.c in the Linux kernel. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check...