In the Linux kernel, the following vulnerability has been resolved:
mm/pagetablecheck: fix crash on ZONE_DEVICE
Not all pages may apply to pgtable check. One example is ZONEDEVICE pages: they map PFNs directly, and they don't allocate pageext at all even if there's struct page around. One may reference devmmemremappages().
When both ZONE_DEVICE and page-table-check enabled, then try to map some dax memories, one can trigger kernel bug constantly now when the kernel was trying to inject some pfn maps on the dax device:
kernel BUG at mm/pagetablecheck.c:55!
While it's pretty legal to use setpxxat() for ZONEDEVICE pages for page fault resolutions, skip all the checks if pageext doesn't even exist in pgtable checker, which applies to ZONE_DEVICE but maybe more.