Kefeng Wang

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue arises from the Linux kernel's handling of huge page sizes, where the `hugetlb wp()` function calls `copy user large folio()` with a fault address that may not be aligned with the huge page size. This can lead to `copy user gigantic page()` being called with an unaligned address, which requires alignment with the huge page size, potentially causing memory corruption or information leaks. The function `copy user gigantic page()` has been updated to use an aligned address and to use more obvious naming, 'addr hint' instead of 'addr'. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue arises from the Linux kernel's handling of huge page sizes, where the `hugetlb no page()` function calls `folio zero user()` with a fault address that may not be aligned with the huge page size. This can lead to `folio zero user()` calling `clear gigantic page()` with an unaligned address, which requires an address aligned with the huge page size. As a result, this can cause memory corruption or information leaks. The function `clear gigantic page()` has been updated to use a more obvious naming convention, 'addr hint' instead of 'addr', to reflect its purpose. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: The vulnerability in the Linux kernel is related to the improper locking of resources, which can lead to a deadlock when the `page cache ra order()` function attempts to reclaim file-backed pages. This issue was found when testing ext4 large folio. The vulnerability can cause a denial of service. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A vulnerability in the Linux kernel has been identified, specifically related to the `virt addr valid()` function on 64-bit Book3E and 32-bit systems. The issue arises because ` pa()` returns 0 for vmalloc space addresses, causing `virt to pfn()` and subsequently `virt addr valid()` to return incorrect results. This can lead to bugs with hardened usercopy, as demonstrated by a BUG occurrence when running `ethtool eth0` on 64-bit Book3E. The problem is caused by `virt addr valid()` returning true for vmalloc addresses that alias with a valid PFN. To fix this, extra checks have been added to `virt addr valid()` to ensure the virtual address is below `high memory` and above `PAGE OFFSET` for 64-bit systems, and similar checks are applied for 32-bit systems. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.