6 matches found
CVE-2025-38447
CVE-2025-38447: Linux kernel mm/rmap batched unmap could read past PTE table end. Root cause: batched unmap in try_to_unmap_one() could read beyond PTE table when a folio’s mappings span >1 page. Fix: refactor into folio_unmap_pte_batch(), compute a safe batch size capped by VMA and PMD bounda...
CVE-2025-38085
In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix hugepmdunshare vs GUP-fast race hugepmdunshare drops a reference on a page table that may have previously been shared across processes, potentially turning it into a normal page table used in another process in...
CVE-2023-52935
In the Linux kernel, the following vulnerability has been resolved: mm/khugepaged: fix -anonvma race If an -anonvma is attached to the VMA, collapseandfreepmd requires it to be locked. Page table traversal is allowed under any one of the mmap lock, the anonvma lock if the VMA is associated with a...
CVE-2023-52935 mm/khugepaged: fix ->anon_vma race
In the Linux kernel, the following vulnerability has been resolved: mm/khugepaged: fix -anonvma race If an -anonvma is attached to the VMA, collapseandfreepmd requires it to be locked. Page table traversal is allowed under any one of the mmap lock, the anonvma lock if the VMA is associated with a...
CVE-2023-52935 mm/khugepaged: fix ->anon_vma race
In the Linux kernel, the following vulnerability has been resolved: mm/khugepaged: fix -anonvma race If an -anonvma is attached to the VMA, collapseandfreepmd requires it to be locked. Page table traversal is allowed under any one of the mmap lock, the anonvma lock if the VMA is associated with a...
CVE-2022-26362
x86 pv: Race condition in typeref acquisition Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by...