Memory Management Flaw in Linux Kernel Affecting Sparse Memory Configuration

CVE-2024-57881

Summary

A memory management vulnerability exists in the Linux kernel related to the handling of page frame numbers (PFNs) within the split_large_buddy() function. In certain scenarios, especially when freeing the highest pageblock in the last memory section with specific configuration settings enabled, the system may incorrectly call pfn_to_page() on a PFN that could potentially not exist. This can lead to null pointer dereference issues, posing risks to system stability and security. A code inspection revealed this flaw, prompting an immediate fix that skips unnecessary calls to pfn_to_page() when the page is already accessible. Users are advised to update to secure versions promptly.

References