Linux · Linux Kernel · CVE-2024-46787
**Name of the Vulnerable Software and Affected Versions**
Linux kernel. Every release that still carries the unfixed userfaultfd huge-PMD checks is affected, not only releases before 6.5: the racy `pmd_trans_huge()` check that can trip a `BUG_ON()` exists on newer kernels as well, while kernels before 6.5 are additionally exposed to the more serious variants described below. The upstream fix was merged for 6.11 and backported to the maintained stable series; consult your distribution's advisory for the exact patched package version.
**Description**
The vulnerability lies in the userfaultfd code in the Linux kernel, specifically in how `mfill_atomic()` (the function behind the `UFFDIO_COPY`, `UFFDIO_ZEROPAGE` and `UFFDIO_CONTINUE` ioctls) checks for transparent huge PMDs. Bug 1: the `pmd_trans_huge()` check is racy. A concurrent change to the PMD between the check and its use can trip a `BUG_ON()` and crash the kernel; on older kernels (before 6.5) the same race can, in the worst case, make the kernel treat the contents of a transparent huge page as a page table. Bug 2: `pmd_trans_huge()` alone does not detect every PMD that does not point to a page table (for example a PMD holding a migration entry), so the code can go on to use such a PMD as if it were a page table. On kernels before 6.5 this second bug needs only a single, fairly wide race to be won, which is why it was reproducible by racing page migration against `UFFDIO_ZEROPAGE`. The practical outcome is a local denial of service (kernel crash), with the possibility of worse memory corruption on pre-6.5 kernels; triggering it requires the ability to create a userfaultfd and issue these ioctls.
**Recommendations**
Update to a kernel that contains the fix: it was merged upstream for 6.11 and backported to the maintained stable branches, so install your distribution's patched kernel package rather than assuming that any 6.5 or later release is safe. The fix for bugs 1 and 2 was written separately from the fix for newer kernels precisely so that it can be backported to older affected releases. `mfill_atomic()` and `pmd_trans_huge()` are internal kernel functions and cannot be disabled or access-restricted from userspace; the only meaningful interim workaround is to keep untrusted code away from the userfaultfd interface that reaches them. Setting the sysctl `vm.unprivileged_userfaultfd` to 0 helps but is not sufficient on its own: since Linux 5.11 an unprivileged process can still create a userfaultfd with the `UFFD_USER_MODE_ONLY` flag and issue `UFFDIO_ZEROPAGE` against it. Blocking the `userfaultfd` system call with seccomp (for example `SystemCallFilter=~userfaultfd` in a systemd unit, or a container seccomp profile that does not allow it) stops unprivileged processes from reaching the vulnerable code at all. Avoiding `UFFDIO_ZEROPAGE` alone is not a mitigation, because `UFFDIO_COPY` and `UFFDIO_CONTINUE` go through the same `mfill_atomic()` path.