CVE-2024-49872 Information

Description

In the Linux kernel the following vulnerability has been resolved:

mm/gup: fix memfd_pin_folios alloc race panic

If memfd_pin_folios tries to create a hugetlb page but someone else already did then folio gets the value -EEXIST here:

    folio = memfd_alloc_folio(memfd start_idx);
    if (IS_ERR(folio)) 
            ret = PTR_ERR(folio);
            if (ret != -EEXIST)
                    goto err;

then on the next trip through the \while start_idx\ loop we panic here:

    if (folio) 
            folio_put(folio);

To fix set the folio to NULL on error.

Reference

https://git.kernel.org/stable/c/e28f39b359c0cfdcc011603e51187085a5f1e5e3 https://git.kernel.org/stable/c/ce645b9fdc78ec5d28067286e92871ddae6817d5