PT-2025-3608 · Linux+5 · Linux Kernel+5
Liu Shixin · Published 2024-12-16 · Updated 2026-05-26 · CVE-2024-57883
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.13.0-rc2master+
Description
The issue is related to the Linux kernel's handling of huge page tables. The folio refcount may be increased unexpectedly through try_get_folio() by callers such as split_huge_pages(). The check for shared page tables in huge_pmd_unshare() is incorrect once the refcount has been increased, and this can cause the page table to leak. The problem may be triggered by DAMON, offline_page, page_idle, etc., which increase the refcount of the page table. The result is that the page table itself is discarded after a "nonzero mapcount" report, and the HugeTLB page mapped by the page table is not freed.
Recommendations
To resolve the issue, introduce an independent PMD page table shared count. This can be achieved by reusing the pt_share_count field, which is used for x86/arm64/riscv pmds. As a temporary workaround, consider disabling the split_huge_pages() function until a patch is available. Restrict access to the huge_pmd_unshare() function to minimize the risk of exploitation. Avoid using the try_get_folio() function in the affected API endpoint until the issue is resolved.
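The faulty shared-table check and the independent share count described above, as a simplified user-space model added here (not kernel code and not taken from the patch). The struct, the function names and the sample of 4 mapped pages are constructed for illustration.

```c
/* Constructed user-space model of the check described above; not kernel code. */
#include <stdbool.h>
#include <stdio.h>

struct pmd_table {
    int refcount;    /* page refcount: owner, sharers and any transient pins */
    int share_count; /* extra mms sharing the table (models pt_share_count) */
    int mapped;      /* HugeTLB pages still mapped through this table */
};

/* Old check: any refcount other than 1 is read as "shared". */
static bool unshare_by_refcount(struct pmd_table *t)
{
    if (t->refcount == 1)
        return false;
    t->refcount--;   /* drops what is assumed to be a sharer's reference */
    return true;
}

/* Fixed check: only the dedicated share count decides. */
static bool unshare_by_share_count(struct pmd_table *t)
{
    if (t->share_count == 0)
        return false;
    t->share_count--;
    return true;
}

/* Tear down one mm's mapping and return the HugeTLB pages left mapped.
 * A table judged "shared" is detached without unmapping its pages. */
int pages_left_mapped(bool fixed, int sharers, int pins)
{
    struct pmd_table t = { 1 + sharers + pins, sharers, 4 };
    bool shared = fixed ? unshare_by_share_count(&t) : unshare_by_refcount(&t);

    if (!shared)
        t.mapped = 0;   /* sole owner: pages are unmapped and freed */
    return t.mapped;
}

int main(void)
{
    printf("old check, unshared table, one pin: %d pages left mapped\n",
           pages_left_mapped(false, 0, 1));
    printf("share count, same situation:       %d pages left mapped\n",
           pages_left_mapped(true, 0, 1));
    return 0;
}
```

With one transient pin on an unshared table, the refcount-based check leaves all 4 pages mapped behind a detached table, while the share-count check unmaps them; a table that really is shared behaves the same under both checks.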
Affected Products
Alt Linux
Debian
Linuxmint
Linux Kernel
Red Os
Ubuntu