CVE-2024-26759

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.8

Description A race condition in the Linux kernel's swap cache can cause data corruption when two or more threads swap in the same entry at the same time. This can lead to a stalled page being installed into the page table, resulting in data loss. The issue is triggered when multiple threads swap in the same entry simultaneously, causing the pte same check to pass even though the page has been modified. This can happen when using a small swap device and multiple threads are updating mapped pages in opposite directions. A reproducer has been created to demonstrate this issue, which can cause data loss at a rate of about once every 5 minutes.

Recommendations To resolve this issue, update the Linux kernel to version 6.8 or later, which includes the fix for this vulnerability. If updating is not possible, consider disabling the swap cache or restricting its use to minimize the risk of exploitation. Additionally, avoid using small swap devices and limit the number of threads that can swap in the same entry simultaneously.