1.6 KiB
CVE-2024-50017
Description
In the Linux kernel, the following vulnerability has been resolved:x86/mm/ident_map: Use gbpages only where full GB page should be mapped.When ident_pud_init() uses only GB pages to create identity maps, largeranges of addresses not actually requested can be included in the resultingtable; a 4K request will map a full GB. This can include a lot of extraaddress space past that requested, including areas marked reserved by theBIOS. That allows processor speculation into reserved regions, that on UVsystems can cause system halts.Only use GB pages when map creation requests include the full GB page ofspace. Fall back to using smaller 2M pages when only portions of a GB pageare included in the request.No attempt is made to coalesce mapping requests. If a request requires amap entry at the 2M (pmd) level, subsequent mapping requests within thesame 1G region will also be at the pmd level, even if adjacent oroverlapping such requests could have been combined to map a full GB page.Existing usage starts with larger regions and then adds smaller regions, sothis should not have any great consequence.
POC
Reference
No PoCs from references.