PT-2024-21607 · Linux+6 · Linux Kernel+6

Rick Edgecombe · Published 2024-03-14 · Updated 2025-09-29 · CVE-2024-26991

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The issue is related to the KVM (Kernel-based Virtual Machine) component of the Linux kernel. It occurs when memory attributes are set on a GFN (Guest Frame Number) range, and the range has specific properties applied to the TDP (Translation Data Processor). A huge page cannot be used when the attributes are inconsistent. The KVM_SET_MEMORY_ATTRIBUTES operation checks an xarray to ensure it consistently has the incoming attribute. However, an optimization employed by the helper function hugepage_has_attrs() can cause an overflow of the level - 1 kvm_lpage_info array, resulting in a vmalloc out-of-bounds read.

The KVM_LPAGE_MIXED_FLAG bit is used to mark huge pages with mixed attributes, and it is essentially a permanently elevated count. Huge pages will not be mapped for the GFN at that page size if the count is elevated. The issue can be observed by compiling the kernel with CONFIG_KASAN_VMALLOC and running the selftest "private_mem_conversions_test".

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Out of bounds Read

Improper Locking

Weakness Enumeration

Related Identifiers

ALSA-2024:6997
ALSA-2025_16880
BDU:2025-02921
CVE-2024-26991
INFSA-2024_6997
RHSA-2024:6997
RHSA-2024_6997
SUSE-SU-2024:2135-1
SUSE-SU-2024:2203-1
SUSE-SU-2024:2973-1
SUSE-SU-2025:20008-1
SUSE-SU-2025:20028-1
USN-6893-1
USN-6893-2
USN-6893-3
USN-6918-1

Affected Products

Almalinux
Astra Linux
Linuxmint
Linux Kernel
Red Hat
Suse
Ubuntu