CVE-2024-49964: mm/hugetlb: fix memfd_pin_folios free_huge_pages leak

First published: Mon Oct 21 2024(Updated: )

In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix memfd_pin_folios free_huge_pages leak memfd_pin_folios followed by unpin_folios fails to restore free_huge_pages if the pages were not already faulted in, because the folio refcount for pages created by memfd_alloc_folio never goes to 0. memfd_pin_folios needs another folio_put to undo the folio_try_get below: memfd_alloc_folio() alloc_hugetlb_folio_nodemask() dequeue_hugetlb_folio_nodemask() dequeue_hugetlb_folio_node_exact() folio_ref_unfreeze(folio, 1); ; adds 1 refcount folio_try_get() ; adds 1 refcount hugetlb_add_to_page_cache() ; adds 512 refcount (on x86) With the fix, after memfd_pin_folios + unpin_folios, the refcount for the (unfaulted) page is 512, which is correct, as the refcount for a faulted unpinned page is 513.

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/title
• agent/description
• agent/type
• agent/first-publish-date
• agent/author
• agent/severity
• agent/remedy
• collector/mitre-cve
• source/MITRE
• agent/last-modified-date
• agent/source
• collector/nvd-api
• source/NVD
• agent/software-canonical-lookup
• agent/software-canonical-lookup-request
• agent/softwarecombine
• agent/tags
• collector/usn-cve
• source/Ubuntu
• collector/launchpad-cve
• source/Launchpad
• agent/event
• collector/security-tracker-debian
• source/Debian
• agent/references
• collector/nvd-cve
• vendor/linux
• canonical/linux kernel
• version/linux kernel/6.11
• package-manager/debian