In the Linux kernel, the following vulnerability has been resolved:
mm/page_table_check: fix crash on ZONE_DEVICE
Not all pages may apply to pgtable check. One example is ZONE_DEVICE pages: they map PFNs directly, and they don't allocate page_ext at all even if there's a struct page around. See devm_memremap_pages() for reference.
When both ZONE_DEVICE and page-table-check are enabled, trying to map some dax memory consistently triggers a kernel BUG when the kernel tries to inject pfn maps on the dax device:
kernel BUG at mm/page_table_check.c:55!
While it is perfectly legal to use set_pxx_at() for ZONE_DEVICE pages for page fault resolution, skip all the checks in the pgtable checker if page_ext doesn't even exist, which applies to ZONE_DEVICE but maybe more.
[ { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@51897f99351fff7b57f4f141940fa93b4e90fd2b", "signature_version": "v1", "target": { "file": "mm/page_table_check.c", "function": "__page_table_check_zero" }, "digest": { "length": 411.0, "function_hash": "57975450479636233858107052533141117366" }, "deprecated": false, "signature_type": "Function", "id": "CVE-2024-40948-1cadf0e9" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@51897f99351fff7b57f4f141940fa93b4e90fd2b", "signature_version": "v1", "target": { "file": "mm/page_table_check.c", "function": "page_table_check_clear" }, "digest": { "length": 679.0, "function_hash": "116431888026416004856452063283689429820" }, "deprecated": false, "signature_type": "Function", "id": "CVE-2024-40948-2520d9d8" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8bb592c2eca8fd2bc06db7d80b38da18da4a2f43", "signature_version": "v1", "target": { "file": "mm/page_table_check.c", "function": "page_table_check_clear" }, "digest": { "length": 640.0, "function_hash": "328872397632914227784261365857946632916" }, "deprecated": false, "signature_type": "Function", "id": "CVE-2024-40948-3fae4660" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@dec2382247860d2134c8d41e103e26460c099629", "signature_version": "v1", "target": { "file": "mm/page_table_check.c", "function": "page_table_check_clear" }, "digest": { "length": 640.0, "function_hash": "328872397632914227784261365857946632916" }, "deprecated": false, "signature_type": "Function", "id": "CVE-2024-40948-42c1b606" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@84d3549d54f5ff9fa3281257be3019386f51d1a0", "signature_version": "v1", "target": { "file": "mm/page_table_check.c" }, "digest": { "line_hashes": [ "289822533049936630350572325446666365806", "35450541036070278372240010388109066161", "333677178089496264047949571748094148539", 
"289822533049936630350572325446666365806", "35450541036070278372240010388109066161", "333677178089496264047949571748094148539", "214228881328809078460341517953448875571", "304269116635783601106187507608897625089", "329465570712061699458767100710817938632", "215698086814727808135341511070522852746" ], "threshold": 0.9 }, "deprecated": false, "signature_type": "Line", "id": "CVE-2024-40948-46aaf2e4" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@dec2382247860d2134c8d41e103e26460c099629", "signature_version": "v1", "target": { "file": "mm/page_table_check.c", "function": "page_table_check_set" }, "digest": { "length": 663.0, "function_hash": "72832267679090789440120803148219365448" }, "deprecated": false, "signature_type": "Function", "id": "CVE-2024-40948-57cf4294" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@dec2382247860d2134c8d41e103e26460c099629", "signature_version": "v1", "target": { "file": "mm/page_table_check.c" }, "digest": { "line_hashes": [ "289822533049936630350572325446666365806", "35450541036070278372240010388109066161", "333677178089496264047949571748094148539", "289822533049936630350572325446666365806", "35450541036070278372240010388109066161", "333677178089496264047949571748094148539", "214228881328809078460341517953448875571", "304269116635783601106187507608897625089", "329465570712061699458767100710817938632", "215698086814727808135341511070522852746" ], "threshold": 0.9 }, "deprecated": false, "signature_type": "Line", "id": "CVE-2024-40948-96f86766" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@dec2382247860d2134c8d41e103e26460c099629", "signature_version": "v1", "target": { "file": "mm/page_table_check.c", "function": "__page_table_check_zero" }, "digest": { "length": 411.0, "function_hash": "57975450479636233858107052533141117366" }, "deprecated": false, "signature_type": "Function", "id": "CVE-2024-40948-a186fd58" }, { "source": 
"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@84d3549d54f5ff9fa3281257be3019386f51d1a0", "signature_version": "v1", "target": { "file": "mm/page_table_check.c", "function": "page_table_check_set" }, "digest": { "length": 663.0, "function_hash": "72832267679090789440120803148219365448" }, "deprecated": false, "signature_type": "Function", "id": "CVE-2024-40948-a47b15e8" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8bb592c2eca8fd2bc06db7d80b38da18da4a2f43", "signature_version": "v1", "target": { "file": "mm/page_table_check.c", "function": "page_table_check_set" }, "digest": { "length": 663.0, "function_hash": "72832267679090789440120803148219365448" }, "deprecated": false, "signature_type": "Function", "id": "CVE-2024-40948-adf6ac40" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8bb592c2eca8fd2bc06db7d80b38da18da4a2f43", "signature_version": "v1", "target": { "file": "mm/page_table_check.c" }, "digest": { "line_hashes": [ "289822533049936630350572325446666365806", "35450541036070278372240010388109066161", "333677178089496264047949571748094148539", "289822533049936630350572325446666365806", "35450541036070278372240010388109066161", "333677178089496264047949571748094148539", "214228881328809078460341517953448875571", "304269116635783601106187507608897625089", "329465570712061699458767100710817938632", "215698086814727808135341511070522852746" ], "threshold": 0.9 }, "deprecated": false, "signature_type": "Line", "id": "CVE-2024-40948-b090fe62" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@84d3549d54f5ff9fa3281257be3019386f51d1a0", "signature_version": "v1", "target": { "file": "mm/page_table_check.c", "function": "page_table_check_clear" }, "digest": { "length": 640.0, "function_hash": "328872397632914227784261365857946632916" }, "deprecated": false, "signature_type": "Function", "id": "CVE-2024-40948-ca2fe0b9" }, { "source": 
"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@51897f99351fff7b57f4f141940fa93b4e90fd2b", "signature_version": "v1", "target": { "file": "mm/page_table_check.c" }, "digest": { "line_hashes": [ "289822533049936630350572325446666365806", "35450541036070278372240010388109066161", "333677178089496264047949571748094148539", "289822533049936630350572325446666365806", "35450541036070278372240010388109066161", "333677178089496264047949571748094148539", "214228881328809078460341517953448875571", "304269116635783601106187507608897625089", "329465570712061699458767100710817938632", "215698086814727808135341511070522852746" ], "threshold": 0.9 }, "deprecated": false, "signature_type": "Line", "id": "CVE-2024-40948-ceea80cd" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@51897f99351fff7b57f4f141940fa93b4e90fd2b", "signature_version": "v1", "target": { "file": "mm/page_table_check.c", "function": "page_table_check_set" }, "digest": { "length": 702.0, "function_hash": "237610029268892514530135184156640323505" }, "deprecated": false, "signature_type": "Function", "id": "CVE-2024-40948-d8023302" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@84d3549d54f5ff9fa3281257be3019386f51d1a0", "signature_version": "v1", "target": { "file": "mm/page_table_check.c", "function": "__page_table_check_zero" }, "digest": { "length": 411.0, "function_hash": "57975450479636233858107052533141117366" }, "deprecated": false, "signature_type": "Function", "id": "CVE-2024-40948-dc77b127" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8bb592c2eca8fd2bc06db7d80b38da18da4a2f43", "signature_version": "v1", "target": { "file": "mm/page_table_check.c", "function": "__page_table_check_zero" }, "digest": { "length": 411.0, "function_hash": "57975450479636233858107052533141117366" }, "deprecated": false, "signature_type": "Function", "id": "CVE-2024-40948-f28340c6" } ]