CVE-2024-26630

Severity CVSS v4.0: Pending analysis
Type: CWE-416 Use After Free
Publication date: 13/03/2024
Last modified: 13/03/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

mm: cachestat: fix folio read-after-free in cache walk

In cachestat, we access the folio from the page cache's xarray to compute its page offset, and check for its dirty and writeback flags. However, we do not hold a reference to the folio before performing these actions, which means the folio can concurrently be released and reused as another folio/page/slab.

Get around this altogether by just using xarray's existing machinery for the folio page offsets and dirty/writeback states.

This changes behavior for tmpfs files to now always report zeroes in their dirty and writeback counters. This is okay as tmpfs doesn't follow conventional writeback cache behavior: its pages get "cleaned" during swapout, after which they're no longer resident etc.

Vulnerable products and versions

| CPE | From | Up to |
| --- | --- | --- |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.5 (including) | 6.6.21 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.7.9 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.8:rc3:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.8:rc4:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.8:rc5:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.8:rc6:*:*:*:*:*:* | | |