CVE-2022-49828

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> hugetlbfs: don&amp;#39;t delete error page from pagecache<br /> <br /> This change is very similar to the change that was made for shmem [1], and<br /> it solves the same problem but for HugeTLBFS instead.<br /> <br /> Currently, when poison is found in a HugeTLB page, the page is removed<br /> from the page cache. That means that attempting to map or read that<br /> hugepage in the future will result in a new hugepage being allocated<br /> instead of notifying the user that the page was poisoned. As [1] states,<br /> this is effectively memory corruption.<br /> <br /> The fix is to leave the page in the page cache. If the user attempts to<br /> use a poisoned HugeTLB page with a syscall, the syscall will fail with<br /> EIO, the same error code that shmem uses. For attempts to map the page,<br /> the thread will get a BUS_MCEERR_AR SIGBUS.<br /> <br /> [1]: commit a76054266661 ("mm: shmem: don&amp;#39;t truncate page if memory failure happens")