CVE-2024-49873

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> mm/filemap: fix filemap_get_folios_contig THP panic<br /> <br /> Patch series "memfd-pin huge page fixes".<br /> <br /> Fix multiple bugs that occur when using memfd_pin_folios with hugetlb<br /> pages and THP. The hugetlb bugs only bite when the page is not yet<br /> faulted in when memfd_pin_folios is called. The THP bug bites when the<br /> starting offset passed to memfd_pin_folios is not huge page aligned. See<br /> the commit messages for details.<br /> <br /> <br /> This patch (of 5):<br /> <br /> memfd_pin_folios on memory backed by THP panics if the requested start<br /> offset is not huge page aligned:<br /> <br /> BUG: kernel NULL pointer dereference, address: 0000000000000036<br /> RIP: 0010:filemap_get_folios_contig+0xdf/0x290<br /> RSP: 0018:ffffc9002092fbe8 EFLAGS: 00010202<br /> RAX: 0000000000000002 RBX: 0000000000000002 RCX: 0000000000000002<br /> <br /> The fault occurs here, because xas_load returns a folio with value 2:<br /> <br /> filemap_get_folios_contig()<br /> for (folio = xas_load(&amp;xas); folio &amp;&amp; xas.xa_index