CVE-2024-35846

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> mm: zswap: fix shrinker NULL crash with cgroup_disable=memory<br /> <br /> Christian reports a NULL deref in zswap that he bisected down to the zswap<br /> shrinker. The issue also cropped up in the bug trackers of libguestfs [1]<br /> and the Red Hat bugzilla [2].<br /> <br /> The problem is that when memcg is disabled with the boot time flag, the<br /> zswap shrinker might get called with sc-&gt;memcg == NULL. This is okay in<br /> many places, like the lruvec operations. But it crashes in<br /> memcg_page_state() - which is only used due to the non-node accounting of<br /> cgroup&amp;#39;s the zswap memory to begin with.<br /> <br /> Nhat spotted that the memcg can be NULL in the memcg-disabled case, and I<br /> was then able to reproduce the crash locally as well.<br /> <br /> [1] https://github.com/libguestfs/libguestfs/issues/139<br /> [2] https://bugzilla.redhat.com/show_bug.cgi?id=2275252