Linux Kernel HugeTLBFS Memory Corruption Vulnerability

Vulnerability

A vulnerability in the Linux kernel's HugeTLBFS implementation could lead to memory corruption. When a poisoned HugeTLB page is detected, it is currently removed from the page cache. This removal causes future attempts to map or read the huge page to allocate a new one, instead of notifying the user of the poisoning. The vulnerability has been addressed by modifying this behavior. The page is now retained in the page cache, and if a poisoned HugeTLB page is accessed via a syscall, the syscall will fail with an I/O error. Similarly, mapping the page will result in a specific SIGBUS error.

Impact

Exploitation of this vulnerability could cause memory corruption by allowing poisoned HugeTLB pages to be incorrectly handled, potentially leading to erroneous memory operations or data corruption.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel HugeTLBFS Memory Corruption Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating