CVE-2024-49872

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: A race condition panic in the Linux kernel has been resolved. The issue occurs when memfd pin folios attempts to create a hugetlb page, but another process has already done so, resulting in a folio value of -EEXIST. This leads to a panic on the next iteration of the while start idx loop. The fix involves setting the folio to NULL on error.

Recommendations: To resolve the issue, set the folio to NULL on error in the memfd pin folios function. As a temporary workaround, consider disabling the memfd pin folios function until a patch is available. Restrict access to the vulnerable memfd alloc folio function to minimize the risk of exploitation. Avoid using the folio variable in the affected code path until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.