PT-2024-9044 · Linux+6 · Linux Kernel+6

Miaohe Lin · Published 2024-05-30 · Updated 2025-09-29 · CVE-2024-36028

CVSS v3.1: 4.7 (Medium)

Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.37
Description: The vulnerability is in the mm/hugetlb component of the Linux kernel. It causes a kernel panic when the dissolve_free_hugetlb_folio() function is called. The root cause is that the _deferred_list field of the folio structure is unioned with the _hugetlb_subpool field. In the update_and_free_hugetlb_folio() function, the folio->_deferred_list field is accessed, leading to a warning and a kernel panic. The vulnerability can be exploited by causing a memory failure, which can lead to a denial-of-service (DoS) attack.
Recommendations: To resolve the issue, update the Linux kernel to version 6.6.37 or later. If updating is not possible, consider disabling the hugetlb feature or restricting access to the vulnerable dissolve_free_hugetlb_folio() function until a patch is available. Additionally, ensure that the system is configured to handle kernel panics and memory failures properly to minimize the impact of the vulnerability.
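
The field overlap named in the description can be reproduced in a small user-space model. This is an added example, not kernel code and not taken from the advisory or the upstream patch. The two-member `folio_model` layout, the list-head initialisation used as the write, and the function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Minimal stand-in for the kernel's doubly linked list head. */
struct list_head { struct list_head *next, *prev; };

/* Simplified model (assumption): only the two overlapping fields named in
 * the description are shown; the real struct folio has many more members. */
struct folio_model {
    union {
        void *_hugetlb_subpool;          /* used while the folio is hugetlb */
        struct list_head _deferred_list; /* used by other large folios */
    };
};

static void init_list_head(struct list_head *h) { h->next = h; h->prev = h; }

/* Returns 1 when both fields start at the same offset, i.e. share storage. */
int fields_alias(void)
{
    return offsetof(struct folio_model, _hugetlb_subpool) ==
           offsetof(struct folio_model, _deferred_list);
}

/* Writes through _deferred_list while the hugetlb field is still live.
 * Returns 1 if the subpool pointer is intact afterwards, 0 if clobbered. */
int subpool_intact_after_list_write(void *subpool)
{
    struct folio_model f;
    f._hugetlb_subpool = subpool;
    init_list_head(&f._deferred_list);   /* overwrites the shared storage */
    return f._hugetlb_subpool == subpool;
}

/* Reads the hugetlb field first, then reuses the storage for the list.
 * Returns 1 if the value read for teardown matches what was stored. */
int subpool_intact_when_read_first(void *subpool)
{
    struct folio_model f;
    f._hugetlb_subpool = subpool;
    void *saved = f._hugetlb_subpool;    /* consume hugetlb state first */
    init_list_head(&f._deferred_list);
    return saved == subpool;
}

int main(void)
{
    int dummy = 0;                       /* constructed stand-in for a subpool */
    printf("alias=%d write_first=%d read_first=%d\n", fields_alias(),
           subpool_intact_after_list_write(&dummy),
           subpool_intact_when_read_first(&dummy));
    return 0;
}
```

In the model, any code that later trusts `_hugetlb_subpool` after the list write reads a pointer into the folio itself, which is the kind of stale state that produces the warning and panic the description reports.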

Exploit

Fix

Race Condition

Improper Locking


Weakness Enumeration

Related Identifiers

ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
BDU:2024-10726
CVE-2024-36028
INFSA-2024_9315
MGASA-2024-0263
MGASA-2024-0266
RHSA-2024:9315
RHSA-2024_9315
SUSE-SU-2025:02853-1
SUSE-SU-2025:02923-1
SUSE-SU-2025:02969-1
SUSE-SU-2025:02996-1
SUSE-SU-2025:02997-1
SUSE-SU-2025:03011-1
SUSE-SU-2025:03023-1
SUSE-SU-2025:20577-1
SUSE-SU-2025:20586-1
SUSE-SU-2025:20601-1
SUSE-SU-2025:20602-1
SUSE-SU-2025_02853-1
SUSE-SU-2025_02969-1
SUSE-SU-2025_02996-1
SUSE-SU-2025_02997-1
SUSE-SU-2025_03011-1
SUSE-SU-2025_03023-1
USN-6949-1
USN-6949-2
USN-6952-1
USN-6952-2
USN-6955-1

Affected Products

Astra Linux
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu