Asahi Lina

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to the Linux kernel's memory management, specifically with lockless walks and static and dynamic page-table folding on arm64 architectures. When 16K pages are used with 4-level page-tables and the fourth level is folded at runtime due to lack of LPA2, the generic implementation of `p4d offset lockless()` returns a `p4d t *` corresponding to the `pgd t` allocated on the stack of the caller, `gup fast pgd range()`. This can result in a stray stack read when the `p4d t` has been allocated on the stack, potentially causing issues. The problem is fixed by providing a custom definition of `p4d offset lockless()` when `CONFIG PGTABLE LEVELS` is less than or equal to 4, which returns the real page-table pointer rather than the address of the local stack variable. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.