CVE-2026-31575

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> mm/userfaultfd: fix hugetlb fault mutex hash calculation<br /> <br /> In mfill_atomic_hugetlb(), linear_page_index() is used to calculate the<br /> page index for hugetlb_fault_mutex_hash(). However, linear_page_index()<br /> returns the index in PAGE_SIZE units, while hugetlb_fault_mutex_hash()<br /> expects the index in huge page units. This mismatch means that different<br /> addresses within the same huge page can produce different hash values,<br /> leading to the use of different mutexes for the same huge page. This can<br /> cause races between faulting threads, which can corrupt the reservation<br /> map and trigger the BUG_ON in resv_map_release().<br /> <br /> Fix this by introducing hugetlb_linear_page_index(), which returns the<br /> page index in huge page granularity, and using it in place of<br /> linear_page_index().