CVE-2024-46790

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.10.9

Description The issue arises when PG hwpoison pages are freed and treated differently in free pages prepare(), leading to isolation instead of release. Page allocation tag counters are decremented, considering the page not in use. Later, when such pages are released by unpoison memory(), the allocation tag counters are decremented again, resulting in a warning. The vulnerability can be fixed by clearing the page tag reference after the page is isolated and accounted for.

Recommendations To resolve the issue, clear the page tag reference after the page got isolated and accounted for. This can be achieved by modifying the kernel code to properly handle PG hwpoison pages during the free pages prepare() process. As a temporary workaround, consider disabling the hwpoison inject module until a patch is available.