In the Linux kernel, the following vulnerability has been resolved:

mm: turn folio_test_hugetlb into a PageType

The current folio_test_hugetlb() can be fooled by a concurrent folio split into returning true for a folio which has never belonged to hugetlbfs. This can’t happen if the caller holds a refcount on it, but we have a few places (memory-failure, compaction, procfs) which do not and should not take a speculative reference.

Since hugetlb pages do not use individual page mapcounts (they are always fully mapped and use the entire_mapcount field to record the number of mappings), the PageType field is available now that page_mapcount() ignores the value in this field.

In compaction and with CONFIG_DEBUG_VM enabled, the current implementation can result in an oops, as reported by Luis. This happens since 9c5ccf2db04b (“mm: remove HUGETLB_PAGE_DTOR”) effectively added some VM_BUG_ON() checks in the PageHuge() testing path.

[[email protected]: update vmcoreinfo]
Link: https://lkml.kernel.org/r/[email protected]

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 23.10 | noarch | linux | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 14.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 16.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < any | UNKNOWN |

git.kernel.org/linus/d99e3140a4d33e26066183ff727d8f02f56bec64 (6.9-rc6)
git.kernel.org/stable/c/2431b5f2650dfc47ce782d1ca7b02d6b3916976f
git.kernel.org/stable/c/9fdcc5b6359dfdaa52a55033bf50e2cedd66eb32
git.kernel.org/stable/c/d99e3140a4d33e26066183ff727d8f02f56bec64
launchpad.net/bugs/cve/CVE-2024-35993
nvd.nist.gov/vuln/detail/CVE-2024-35993
security-tracker.debian.org/tracker/CVE-2024-35993
www.cve.org/CVERecord?id=CVE-2024-35993