CVE-2024-35993
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-35993
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-35993.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-35993
- Related
- Published
- 2024-05-20T10:15:13Z
- Modified
- 2024-09-18T03:26:22.189531Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
mm: turn foliotesthugetlb into a PageType
The current foliotesthugetlb() can be fooled by a concurrent folio split into returning true for a folio which has never belonged to hugetlbfs. This can't happen if the caller holds a refcount on it, but we have a few places (memory-failure, compaction, procfs) which do not and should not take a speculative reference.
Since hugetlb pages do not use individual page mapcounts (they are always fully mapped and use the entiremapcount field to record the number of mappings), the PageType field is available now that pagemapcount() ignores the value in this field.
In compaction and with CONFIGDEBUGVM enabled, the current implementation can result in an oops, as reported by Luis. This happens since 9c5ccf2db04b ("mm: remove HUGETLBPAGEDTOR") effectively added some VMBUGON() checks in the PageHuge() testing path.
[willy@infradead.org: update vmcoreinfo] Link: https://lkml.kernel.org/r/ZgGZUvsdhaT1Va-T@casper.infradead.org
- References
Affected packages
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.8.9-1