Nicolas Bouchinet

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue arises from the Linux kernel's slab allocator, specifically when handling single object freeing separately from bulk object freeing. If `init on free` is set, the `slab free hook()` function zeroes the object, and with `slub debug=F` and `CONFIG SLAB FREELIST HARDENED` set, the `do slab free()` slowpath executes freelist consistency checks. This can lead to a "Freepointer corrupt" detection in `check object()` due to the decoding of a zeroed freepointer. The vulnerability can be reproduced by setting specific debug and configuration options on a kernel build with `CONFIG SLAB FREELIST HARDENED=y`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.