CVE-2024-53113

Severity CVSS v4.0:
Pending analysis
Type:
CWE-476 NULL Pointer Dereference
Publication date:
02/12/2024
Last modified:
03/11/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

mm: fix NULL pointer dereference in alloc_pages_bulk_noprof

We triggered a NULL pointer dereference for ac.preferred_zoneref->zone in alloc_pages_bulk_noprof() when the task is migrated between cpusets.

When cpuset is enabled, in prepare_alloc_pages(), ac->nodemask may be &current->mems_allowed. When first_zones_zonelist() is called to find preferred_zoneref, the ac->nodemask may be modified concurrently if the task is migrated between different cpusets. Assuming we have 2 NUMA nodes, when traversing Node1 in ac->zonelist, the nodemask is 2, and when traversing Node2 in ac->zonelist, the nodemask is 1. As a result, the ac->preferred_zoneref points to NULL zone.

In alloc_pages_bulk_noprof(), for_each_zone_zonelist_nodemask() finds an allowable zone and calls zonelist_node_idx(ac.preferred_zoneref), leading to NULL pointer dereference.

__alloc_pages_noprof() fixes this issue by checking NULL pointer in commit ea57485af8f4 ("mm, page_alloc: fix check for NULL preferred_zone") and commit df76cee6bbeb ("mm, page_alloc: remove redundant checks from alloc fastpath").

To fix it, check NULL pointer for preferred_zoneref->zone.
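The two-node scenario from the description, as an added userspace model (not kernel code and not the upstream patch). The struct layout, `first_zoneref()`, `preferred_node_checked()` and the per-step `masks` array are hypothetical names used to replay the concurrent nodemask change deterministically.

```c
#include <stddef.h>
#include <stdio.h>

struct zone { int node; };
struct zoneref { struct zone *zone; int node_idx; };

/* Constructed 2-node zonelist, terminated by an entry whose zone is NULL. */
static struct zone zone_n0 = { 0 }, zone_n1 = { 1 };
static struct zoneref zonelist[] = {
    { &zone_n0, 0 }, { &zone_n1, 1 }, { NULL, 0 }
};

/* Model of the preferred-zone scan. The mask is re-read at every step, as a
 * shared mems_allowed would be; masks[i] is the value seen at entry i. */
static struct zoneref *first_zoneref(struct zoneref *z, const unsigned long *masks)
{
    for (int i = 0; z->zone; z++, i++)
        if (masks[i] & (1UL << z->node_idx))
            return z;
    return z; /* fell off the list: z->zone == NULL */
}

/* Returns the preferred node, or -1 when the scan ended on the terminator.
 * Without the check, pref->zone->node below is the NULL dereference. */
static int preferred_node_checked(const unsigned long *masks)
{
    struct zoneref *pref = first_zoneref(zonelist, masks);

    if (!pref->zone) /* the check the description asks for */
        return -1;
    return pref->zone->node;
}

int main(void)
{
    /* Constructed inputs: two stable masks, then the mask changing mid-scan
     * (2 while visiting the first node, 1 while visiting the second). */
    const unsigned long stable0[] = { 1, 1 }, stable1[] = { 2, 2 };
    const unsigned long racing[] = { 2, 1 };

    printf("stable mask 1: node %d\n", preferred_node_checked(stable0));
    printf("stable mask 2: node %d\n", preferred_node_checked(stable1));
    printf("mask changed mid-scan: %d\n", preferred_node_checked(racing));
    return 0;
}
```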

Vulnerable products and versions

| CPE | From | Up to |
| --- | --- | --- |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.13 (including) | 6.1.119 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.63 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.11.10 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.12:rc6:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.12:rc7:*:*:*:*:*:* | | |