resolved HugeTLB pages vulnerability in mm/swapfile
CVE-2024-50199

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
8 November 2024

What is CVE-2024-50199?

In the Linux kernel, the following vulnerability has been resolved:

mm/swapfile: skip HugeTLB pages for unuse_vma

I got a bad pud error and lost a 1GB HugeTLB when calling swapoff. The problem can be reproduced by the following steps:

  1. Allocate an anonymous 1GB HugeTLB and some other anonymous memory.
  2. Swapout the above anonymous memory.
  3. run swapoff and we will get a bad pud error in kernel message:

mm/pgtable-generic.c:42: bad pud 00000000743d215d(84000001400000e7)

We can tell that pud_clear_bad is called by pud_none_or_clear_bad in unuse_pud_range() by ftrace. And therefore the HugeTLB pages will never be freed because we lost it from page table. We can skip HugeTLB pages for unuse_vma to fix it.

Affected Version(s)

Linux 0fe6e20b9c4c53b3e97096ee73a0857f60aad43f

Linux 0fe6e20b9c4c53b3e97096ee73a0857f60aad43f < 417d5838ca73c6331ae2fe692fab6c25c00d9a0b

Linux 0fe6e20b9c4c53b3e97096ee73a0857f60aad43f

References

https://git.kernel.org/stable/c/ba7f982cdb37ff5a7739dec85...
https://git.kernel.org/stable/c/417d5838ca73c6331ae2fe692...
https://git.kernel.org/stable/c/e41710f5a61aca9d6baaa8f53...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.