CVE-2024-26832

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> mm: zswap: fix missing folio cleanup in writeback race path<br /> <br /> In zswap_writeback_entry(), after we get a folio from<br /> __read_swap_cache_async(), we grab the tree lock again to check that the<br /> swap entry was not invalidated and recycled. If it was, we delete the<br /> folio we just added to the swap cache and exit.<br /> <br /> However, __read_swap_cache_async() returns the folio locked when it is<br /> newly allocated, which is always true for this path, and the folio is<br /> ref&amp;#39;d. Make sure to unlock and put the folio before returning.<br /> <br /> This was discovered by code inspection, probably because this path handles<br /> a race condition that should not happen often, and the bug would not crash<br /> the system, it will only strand the folio indefinitely.