Steve Sistare

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: The issue is related to the Linux kernel, specifically with the `filemap get folios contig` function when used with `memfd pin folios` and huge pages (THP). The problem occurs when the starting offset passed to `memfd pin folios` is not huge page aligned, leading to a kernel NULL pointer dereference. This is because `memfd pin folios` does not round the indices to huge page boundaries for THP, resulting in loading from the middle of a huge page range and seeing a sibling entry. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited. Recommendations: To resolve the issue, apply the patch series "memfd-pin huge page fixes" to the Linux kernel. Specifically, the fix involves modifying the `filemap get folios contig` function to return the next index as the starting point for the next call when a sibling entry is encountered. As a temporary workaround, consider avoiding the use of `memfd pin folios` with huge pages (THP) until the patch is applied.

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: A memory leak issue has been identified in the Linux kernel, specifically in the `mm/hugetlb` component. The problem occurs when `memfd pin folios` is followed by `unpin folios`, and the pages were not already faulted in. This is because the folio refcount for pages created by `memfd alloc folio` never goes to 0. The issue is caused by a missing `folio put` to undo the `folio try get` in `memfd pin folios`. The refcount for an unfaulted page is incorrectly set to 513 instead of 512 after `memfd pin folios` and `unpin folios`. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.