CVE-2024-49873

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: The issue is related to the Linux kernel, specifically with the filemap get folios contig function when used with memfd pin folios and huge pages (THP). The problem occurs when the starting offset passed to memfd pin folios is not huge page aligned, leading to a kernel NULL pointer dereference. This is because memfd pin folios does not round the indices to huge page boundaries for THP, resulting in loading from the middle of a huge page range and seeing a sibling entry. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.

Recommendations: To resolve the issue, apply the patch series "memfd-pin huge page fixes" to the Linux kernel. Specifically, the fix involves modifying the filemap get folios contig function to return the next index as the starting point for the next call when a sibling entry is encountered. As a temporary workaround, consider avoiding the use of memfd pin folios with huge pages (THP) until the patch is applied.