In the Linux kernel, the following vulnerability has been resolved:
mm/hugetlb: fix memfd_pin_folios free_huge_pages leak
memfd_pin_folios followed by unpin_folios fails to restore free_huge_pages
if the pages were not already faulted in, because the folio refcount for
pages created by memfd_alloc_folio never goes to 0. memfd_pin_folios
needs another folio_put to undo the folio_try_get below:
memfd_alloc_folio()
alloc_hugetlb_folio_nodemask()
dequeue_hugetlb_folio_nodemask()
dequeue_hugetlb_folio_node_exact()
folio_ref_unfreeze(folio, 1); ; adds 1 refcount
folio_try_get() ; adds 1 refcount
hugetlb_add_to_page_cache() ; adds 512 refcount (on x86)
With the fix, after memfd_pin_folios + unpin_folios, the refcount for the
(unfaulted) page is 512, which is correct, as the refcount for a faulted
unpinned page is 513.
References
Configurations
History
07 Nov 2024, 19:20
Type | Values Removed | Values Added |
---|---|---|
References | () https://git.kernel.org/stable/c/59e081ff2e91bbf19b8c1ecb75b031f778858383 - Patch | |
References | () https://git.kernel.org/stable/c/c56b6f3d801d7ec8965993342bdd9e2972b6cb8e - Patch | |
CWE | NVD-CWE-Other | |
CPE | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.5 |
First Time |
Linux linux Kernel
Linux |
23 Oct 2024, 15:13
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
21 Oct 2024, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-21 18:15
Updated : 2024-11-07 19:20
NVD link : CVE-2024-49964
Mitre link : CVE-2024-49964
CVE.ORG link : CVE-2024-49964
JSON object : View
Products Affected
linux
- linux_kernel
CWE