1.3 KiB
CVE-2024-26630
Description
In the Linux kernel, the following vulnerability has been resolved:mm: cachestat: fix folio read-after-free in cache walkIn cachestat, we access the folio from the page cache's xarray to computeits page offset, and check for its dirty and writeback flags. However, wedo not hold a reference to the folio before performing these actions,which means the folio can concurrently be released and reused as anotherfolio/page/slab.Get around this altogether by just using xarray's existing machinery forthe folio page offsets and dirty/writeback states.This changes behavior for tmpfs files to now always report zeroes in theirdirty and writeback counters. This is okay as tmpfs doesn't followconventional writeback cache behavior: its pages get "cleaned" duringswapout, after which they're no longer resident etc.
POC
Reference
No PoCs from references.