First published: Tue Jan 02 2024
A flaw was found in the Linux kernel: a NULL pointer dereference in the hugetlbfs_fill_super() function for hugetlbfs (HugeTLB pages). The issue occurs when the pagesize value is updated to an invalid size with the fsconfig syscall. That call eventually reaches hugetlbfs_parse_param(), which sets the hstate value to NULL if the value passed is not a valid page size. If the filesystem is then updated again with another fsconfig syscall, specifically with the FSCONFIG_CMD_CREATE option, hugetlbfs_fill_super() dereferences that NULL pointer, causing a panic.
Credit: secalert@redhat.com
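The parse-then-create sequence described above, modelled in userspace C as an added example (not kernel source and not code from this advisory): it puts the store-before-validate pattern beside a validate-then-commit form. All names other than hstate, the sample page sizes, the default hstate and the -EFAULT stand-in for the crash are assumptions made for the model.

```c
#include <errno.h>
#include <stdio.h>
/* Userspace model: names follow the advisory; bodies and sizes are constructed. */
struct hstate { unsigned long page_size; };
struct fs_ctx { struct hstate *hstate; };
static struct hstate hstates[] = { { 2UL << 20 }, { 1UL << 30 } }; /* 2 MiB, 1 GiB */

static struct hstate *size_to_hstate(unsigned long size)
{
    for (size_t i = 0; i < sizeof(hstates) / sizeof(hstates[0]); i++)
        if (hstates[i].page_size == size)
            return &hstates[i];
    return NULL; /* not a supported page size */
}

/* Described pattern: result stored before validation, so a failed parse leaves NULL. */
static int parse_pagesize_vulnerable(struct fs_ctx *ctx, unsigned long ps)
{
    ctx->hstate = size_to_hstate(ps);
    return ctx->hstate ? 0 : -EINVAL;
}

/* Hardened form: validate into a local, commit to the context only on success. */
static int parse_pagesize_hardened(struct fs_ctx *ctx, unsigned long ps)
{
    struct hstate *h = size_to_hstate(ps);
    if (!h) return -EINVAL; /* context keeps its previous valid hstate */
    ctx->hstate = h;
    return 0;
}

/* Models "set pagesize, then create"; -EFAULT marks where create would hit NULL. */
static int set_then_create(int (*parse)(struct fs_ctx *, unsigned long),
                           unsigned long ps, unsigned long *out)
{
    struct fs_ctx ctx = { &hstates[0] }; /* assumed default hstate */
    (void)parse(&ctx, ps); /* the context stays in use after a parse error */
    if (!ctx.hstate) return -EFAULT;
    *out = ctx.hstate->page_size;
    return 0;
}

int main(void)
{
    unsigned long sz = 0;
    printf("vulnerable: %d\n", set_then_create(parse_pagesize_vulnerable, 12345, &sz));
    printf("hardened:   %d\n", set_then_create(parse_pagesize_hardened, 12345, &sz));
    return 0;
}
```

The point for review of similar option parsers is that returning an error is not enough when the shared context has already been overwritten; the error path must leave the context in its last valid state.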
Affected Software | Affected Version | How to fix |
---|---|---|
Linux Linux kernel | >=5.1<5.4.271 | |
Linux Linux kernel | >=5.5<5.10.212 | |
Linux Linux kernel | >=5.11<5.15.151 | |
Linux Linux kernel | >=5.16<6.1.79 | |
Linux Linux kernel | >=6.2<6.6.18 | |
Linux Linux kernel | >=6.7<6.7.6 | |
Redhat Enterprise Linux | =8.0 | |
Redhat Enterprise Linux | =9.0 | |
debian/linux | 5.10.223-1 5.10.226-1 6.1.115-1 6.1.119-1 6.11.10-1 6.12.5-1 |