Bugzilla – Bug 1220944
VUL-0: CVE-2024-26621: kernel: mm: huge_memory: don't force huge page alignment on 32 bit
Last modified: 2024-03-05 13:59:27 UTC
In the Linux kernel, the following vulnerability has been resolved: mm: huge_memory: don't force huge page alignment on 32 bit commit efa7df3e3bb5 ("mm: align larger anonymous mappings on THP boundaries") caused two issues [1] [2] reported on 32 bit system or compat userspace. It doesn't make too much sense to force huge page alignment on 32 bit system due to the constrained virtual address space. [1] https://lore.kernel.org/linux-mm/d0a136a0-4a31-46bc-adf4-2db109a61672@kernel.org/ [2] https://lore.kernel.org/linux-mm/CAJuCfpHXLdQy1a2B6xN2d7quTYwg2OoZseYPZTRpU0eHHKD-sQ@mail.gmail.com/ References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-26621 https://www.cve.org/CVERecord?id=CVE-2024-26621 https://git.kernel.org/stable/c/4ef9ad19e17676b9ef071309bc62020e2373705d https://git.kernel.org/stable/c/7432376c913381c5f24d373a87ff629bbde94b47 https://bugzilla.redhat.com/show_bug.cgi?id=2267505
Introduced by efa7df3e3bb5 ("mm: align larger anonymous mappings on THP boundaries") (6.7 and never backported to older code streams). So only stable branch is affected and fixed already. Btw. the only security related aspect of this fix is that efa7df3e3bb5 has broken ASLR on 32b applications.
This is a duplicate of bug 1218800
Thanks Michal, closing this. *** This bug has been marked as a duplicate of bug 1218800 ***