CVE-2024-46838

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-46838
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-46838.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-46838
Published
2024-09-27T12:39:33Z
Modified
2025-10-15T15:28:04.641151Z
Summary
userfaultfd: don't BUG_ON() if khugepaged yanks our page table
Details

In the Linux kernel, the following vulnerability has been resolved:

userfaultfd: don't BUG_ON() if khugepaged yanks our page table

Since khugepaged was changed to allow retracting page tables in file mappings without holding the mmap lock, these BUG_ON()s are wrong - get rid of them.

We could also remove the preceding "if (unlikely(...))" block, but then we could reach pte_offset_map_lock() with transhuge pages not just for file mappings but also for anonymous mappings - which would probably be fine but I think is not necessarily expected.

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
1d65b771bc08cd054cf6d3766a72e113dc46d62f
Fixed
4a594acc12d5954cdc71d4450a386748bf3d136a
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
1d65b771bc08cd054cf6d3766a72e113dc46d62f
Fixed
db978287e908d48b209e374b00d847b2d785e0a9
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
1d65b771bc08cd054cf6d3766a72e113dc46d62f
Fixed
4828d207dc5161dc7ddf9a4f6dcfd80c7dd7d20a

Affected versions

v6.*

v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.10.1
v6.10.2
v6.10.3
v6.10.4
v6.10.5
v6.10.6
v6.10.7
v6.10.8
v6.10.9
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.5
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.26
v6.6.27
v6.6.28
v6.6.29
v6.6.3
v6.6.30
v6.6.31
v6.6.32
v6.6.33
v6.6.34
v6.6.35
v6.6.36
v6.6.37
v6.6.38
v6.6.39
v6.6.4
v6.6.40
v6.6.41
v6.6.42
v6.6.43
v6.6.44
v6.6.45
v6.6.46
v6.6.47
v6.6.48
v6.6.49
v6.6.5
v6.6.50
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7

Database specific

{
    "vanir_signatures": [
        {
            "signature_version": "v1",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4828d207dc5161dc7ddf9a4f6dcfd80c7dd7d20a",
            "signature_type": "Line",
            "target": {
                "file": "mm/userfaultfd.c"
            },
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "96004666317817565490530309859873995859",
                    "241633244378867718815318597344981592374",
                    "141521045634378977496508178583805378610",
                    "337467240914743176470093672690867559397",
                    "306209937873552094189038798601210212862"
                ],
                "threshold": 0.9
            },
            "id": "CVE-2024-46838-ad2ede8f"
        },
        {
            "signature_version": "v1",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4828d207dc5161dc7ddf9a4f6dcfd80c7dd7d20a",
            "signature_type": "Function",
            "target": {
                "function": "mfill_atomic",
                "file": "mm/userfaultfd.c"
            },
            "deprecated": false,
            "digest": {
                "length": 2467.0,
                "function_hash": "142792275286545535933077538691253461308"
            },
            "id": "CVE-2024-46838-fbd742b0"
        }
    ]
}

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.6.0
Fixed
6.6.51
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.10.10