Kun

Researcher from Alibaba
#45056 of 53,624
5.5 Total CVSS
Vulnerabilities · 1
PT-2024-33863
5.5
2024-10-21
Linux · Linux Kernel · CVE-2024-50022
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.58

Description: The issue is related to the device-dax feature in the Linux kernel, where the `pgoff` should be aligned using `ALIGN_DOWN()` instead of `ALIGN()`. This can cause memory failure to get the wrong address, leading to endless MCE (memory-failure) until panic. The problem is subtle and can only be observed in specific error injection scenarios. It took several weeks to identify the issue using `bpftrace` to trace the page fault and MCE address.

Recommendations: To resolve the issue, update to Linux kernel version 6.6.58 or later. As a temporary workaround, consider avoiding the use of unpinned device-dax regions unaligned to the device-dax selected alignment. Restrict access to the `dax_set_mapping()` function until a patch is available. Avoid using the `page_mapped_in_vma()` function in dev-dax's page unless in specific error injection scenarios to minimize the risk of exploitation.