In the Linux kernel, the following vulnerability has been resolved: mm:
khugepaged: skip huge page collapse for special files The read-only THP for
filesystems will collapse THP for files opened readonly and mapped with
VM_EXEC. The intended usecase is to avoid TLB misses for large text
segments. But it doesn’t restrict the file types so a THP could be
collapsed for a non-regular file, for example, block device, if it is
opened readonly and mapped with EXEC permission. This may cause bugs, like
[1] and [2]. This is definitely not the intended usecase, so just collapse
THP for regular files in order to close the attack surface.
[[email protected]: fix vm_file check [3]]
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 20.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-azure | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-bluefield | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-gcp | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-gkeop | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-ibm | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-iot | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-kvm | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-oracle | < any | UNKNOWN |
git.kernel.org/linus/a4aeaa06d45e90f9b279f0b09de84bd00006e733 (5.15)
git.kernel.org/stable/c/5fcb6fce74ffa614d964667110cf1a516c48c6d9
git.kernel.org/stable/c/6d67b2a73b8e3a079c355bab3c1aef7d85a044b8
git.kernel.org/stable/c/a4aeaa06d45e90f9b279f0b09de84bd00006e733
launchpad.net/bugs/cve/CVE-2021-47491
nvd.nist.gov/vuln/detail/CVE-2021-47491
security-tracker.debian.org/tracker/CVE-2021-47491
www.cve.org/CVERecord?id=CVE-2021-47491