In the Linux kernel, the following vulnerability has been resolved: hugetlb, userfaultfd: fix reservation restore on userfaultfd error Currently in the is_continue case in hugetlb_mcopy_atomic_pte(), if we bail out using "goto out_release_unlock;" in the cases where idx >= size, or !huge_pte_none(), the code will detect that new_pagecache_page == false, and so call restore_reserve_on_error(). In this case I see restore_reserve_on_error() delete the reservation, and the following call to remove_inode_hugepages() will increment h->resv_hugepages causing a 100% reproducible leak. We should treat the is_continue case similar to adding a page into the pagecache and set new_pagecache_page to true, to indicate that there is no reservation to restore on the error path, and we need not call restore_reserve_on_error(). Rename new_pagecache_page to page_in_pagecache to make that clear.
Published 2024-04-10 19:15:49
Updated 2024-04-10 19:49:51
Source Linux
View at NVD,   CVE.org

Products affected by CVE-2021-47214

Please log in to view affected product information.

Exploit prediction scoring system (EPSS) score for CVE-2021-47214

0.04%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 9 %
Percentile, the proportion of vulnerabilities that are scored at or less

References for CVE-2021-47214

Jump to
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!