A flaw was found in the patches used to fix the ‘dirtycow’ vulnerability (CVE-2016-5195). An attacker, able to run local code, can exploit a race condition in transparent huge pages to modify usually read-only huge pages.
Disabling the use of zero page:
It is possible to prevent the zero page from being mapped as a huge page, by modifying a configuration tunable in the /sys directory as shown below. This prevents the flaw from being exercised in this method.
Disabling huge pages:
It is possible to mitigate this flaw by disabling hugepages on a system. Some user applications may require hugepages to be performant, and may suffer a performance penalty when running without hugepages.
Red Hat has existing solutions created instructing how to disable transparent
How to disable transparent hugepages (THP) on Red Hat Enterprise Linux 7
<https://access.redhat.com/solutions/1320153>
If your application may require transparent huge pages, please consult your software vendor to confirm.