U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Vulnerability Change Records for CVE-2024-49872

Change History

New CVE Received from kernel.org 10/21/2024 2:15:08 PM

Action Type Old Value New Value
Added Description

								
							
							
						
In the Linux kernel, the following vulnerability has been resolved:

mm/gup: fix memfd_pin_folios alloc race panic

If memfd_pin_folios tries to create a hugetlb page, but someone else
already did, then folio gets the value -EEXIST here:

        folio = memfd_alloc_folio(memfd, start_idx);
        if (IS_ERR(folio)) {
                ret = PTR_ERR(folio);
                if (ret != -EEXIST)
                        goto err;

then on the next trip through the "while start_idx" loop we panic here:

        if (folio) {
                folio_put(folio);

To fix, set the folio to NULL on error.
Added Reference

								
							
							
						
kernel.org https://git.kernel.org/stable/c/ce645b9fdc78ec5d28067286e92871ddae6817d5 [No types assigned]
Added Reference

								
							
							
						
kernel.org https://git.kernel.org/stable/c/e28f39b359c0cfdcc011603e51187085a5f1e5e3 [No types assigned]