Memory Corruption Vulnerability in Linux Kernel Affecting Hugetlb

CVE-2024-51729

Summary

A vulnerability exists in the Linux kernel's handling of huge pages that could lead to memory corruption or information leaks. The issue arises when the hugetlb_wp() function calls copy_user_large_folio() with potentially misaligned fault addresses. This misalignment can lead to copy_user_gigantic_page() receiving addresses that do not meet its alignment requirements, resulting in unsafe memory operations. The vulnerability has been addressed by ensuring correct address alignment and updating function naming for clarity.

References