Description
In the Linux kernel, the following vulnerability has been resolved: mm: turn folio_test_hugetlb into a PageType The current folio_test_hugetlb() can be fooled by a concurrent folio split into returning true for a folio which has never belonged to hugetlbfs. This can't happen if the caller holds a refcount on it, but we have a few places (memory-failure, compaction, procfs) which do not and should not take a speculative reference. Since hugetlb pages do not use individual page mapcounts (they are always fully mapped and use the entire_mapcount field to record the number of mappings), the PageType field is available now that page_mapcount() ignores the value in this field. In compaction and with CONFIG_DEBUG_VM enabled, the current implementation can result in an oops, as reported by Luis. This happens since 9c5ccf2db04b ("mm: remove HUGETLB_PAGE_DTOR") effectively added some VM_BUG_ON() checks in the PageHuge() testing path. [[email protected]: update vmcoreinfo]
INFO
Published Date :
2024-05-20T09:47:57.739Z
Last Modified :
2025-05-04T09:10:06.359Z
Source :
Linux
AFFECTED PRODUCTS
The following products are affected by CVE-2024-35993 vulnerability.
| Vendors | Products |
|---|---|
| Linux |
|
REFERENCES
Here, you will find a curated list of external links that provide in-depth information to CVE-2024-35993.
