CVE-2021-47090: mm/hwpoison: clear MF_COUNT_INCREASED before retrying get_any_page()
First published: Mon Mar 04 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: mm/hwpoison: clear MF_COUNT_INCREASED before retrying get_any_page() Hulk Robot reported a panic in put_page_testzero() when testing madvise() with MADV_SOFT_OFFLINE. The BUG() is triggered when retrying get_any_page(). This is because we keep MF_COUNT_INCREASED flag in second try but the refcnt is not increased. page dumped because: VM_BUG_ON_PAGE(page_ref_count(page) == 0) ------------[ cut here ]------------ kernel BUG at include/linux/mm.h:737! invalid opcode: 0000 [#1] PREEMPT SMP CPU: 5 PID: 2135 Comm: sshd Tainted: G B 5.16.0-rc6-dirty #373 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 RIP: release_pages+0x53f/0x840 Call Trace: free_pages_and_swap_cache+0x64/0x80 tlb_flush_mmu+0x6f/0x220 unmap_page_range+0xe6c/0x12c0 unmap_single_vma+0x90/0x170 unmap_vmas+0xc4/0x180 exit_mmap+0xde/0x3a0 mmput+0xa3/0x250 do_exit+0x564/0x1470 do_group_exit+0x3b/0x100 __do_sys_exit_group+0x13/0x20 __x64_sys_exit_group+0x16/0x20 do_syscall_64+0x34/0x80 entry_SYSCALL_64_after_hwframe+0x44/0xae Modules linked in: ---[ end trace e99579b570fe0649 ]--- RIP: 0010:release_pages+0x53f/0x840
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat Kernel-devel | ||
| Linux Kernel | >=5.10<5.10.89 | |
| Linux Kernel | >=5.11<5.15.12 | |
| Linux Kernel | =5.16-rc1 | |
| Linux Kernel | =5.16-rc2 | |
| Linux Kernel | =5.16-rc3 | |
| Linux Kernel | =5.16-rc4 | |
| Linux Kernel | =5.16-rc5 | |
| Linux Kernel | =5.16-rc6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-47090?
CVE-2021-47090 has been classified with high severity due to the potential for kernel panics and system instability.
How do I fix CVE-2021-47090?
To fix CVE-2021-47090, you should upgrade your Linux kernel to version 5.10.89 or later, or 5.11 or later if using the affected range.
Which versions of the Linux kernel are affected by CVE-2021-47090?
CVE-2021-47090 affects all Linux kernel versions between 5.10 and 5.10.89, and also versions between 5.11 and 5.15.12, as well as specific release candidates of 5.16.
What is the impact of CVE-2021-47090 on my system?
The impact of CVE-2021-47090 can lead to kernel panics, which can result in system instability and potential data loss.
Is CVE-2021-47090 a remote exploit?
CVE-2021-47090 is not categorized as a remote exploit but can affect local users operating within the system architecture.
- agent/references
- agent/title
- agent/type
- agent/first-publish-date
- agent/description
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/severity
- agent/remedy
- agent/last-modified-date
- agent/event
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/guess-ai
- vendor/linux
- canonical/linux kernel
- version/linux kernel/5.10
- version/linux kernel/5.11
- version/linux kernel/5.16-rc1
- version/linux kernel/5.16-rc2
- version/linux kernel/5.16-rc3
- version/linux kernel/5.16-rc4
- version/linux kernel/5.16-rc5
- version/linux kernel/5.16-rc6
- canonical/red hat kernel-devel