DEBIAN-CVE-2024-56612

In the Linux kernel, the following vulnerability has been resolved: mm/gup: handle NULL pages in unpinuserpages() The recent addition of "pofs" (pages or folios) handling to gup has a flaw: it assumes that unpinuserpages() handles NULL pages in the pages** array. That's not the case, as I discovered when I ran on a new configuration on my test machine. Fix this by skipping NULL pages in unpinuserpages(), just like unpinfolios() already does. Details: when booting on x86 with "numa=fake=2 movablecore=4G" on Linux 6.12, and running this: tools/testing/selftests/mm/guplongterm ...I get the following crash: BUG: kernel NULL pointer dereference, address: 0000000000000008 RIP: 0010:sanitycheckpinnedpages+0x3a/0x2d0 ... Call Trace: <TASK> ? _diebody+0x66/0xb0 ? pagefaultoops+0x30c/0x3b0 ? douseraddrfault+0x6c3/0x720 ? irqentryenter+0x34/0x60 ? excpagefault+0x68/0x100 ? asmexcpagefault+0x22/0x30 ? sanitycheckpinnedpages+0x3a/0x2d0 unpinuserpages+0x24/0xe0 checkandmigratemovablepagesorfolios+0x455/0x4b0 _guplongtermlocked+0x3bf/0x820 ? mmapreadlockkillable+0x12/0x50 ? _pfxmmapreadlockkillable+0x10/0x10 pinuserpages+0x66/0xa0 guptestioctl+0x358/0xb20 _sesysioctl+0x6b/0xc0 dosyscall64+0x7b/0x150 entrySYSCALL64after_hwframe+0x76/0x7e