CVE-2025-68248
Severity:
Pending analysis
Type:
Not available / Other type
Publication date:
16/12/2025
Last modified:
16/12/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

vmw_balloon: indicate success when effectively deflating during migration

When migrating a balloon page, we first deflate the old page to then
inflate the new page.

However, if inflating the new page succeeded, we effectively deflated the
old page, reducing the balloon size.

In that case, the migration actually worked: similar to migrating+
immediately deflating the new page. The old page will be freed back to
the buddy.

Right now, the core will leave the page be marked as isolated (as we
returned an error). When later trying to putback that page, we will run
into the WARN_ON_ONCE() in balloon_page_putback().

That handling was changed in commit 3544c4faccb8 ("mm/balloon_compaction:
stop using __ClearPageMovable()"); before that change, we would have
tolerated that way of handling it.

To fix it, let's just return 0 in that case, making the core effectively
just clear the "isolated" flag + freeing it back to the buddy as if the
migration succeeded. Note that the new page will also get freed when the
core puts the last reference.

Note that this also makes it all be more consistent: we will no longer
unisolate the page in the balloon driver while keeping it marked as being
isolated in migration core.

This was found by code inspection.



