Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability has been identified in the Linux kernel's memory management subsystem, specifically in the handling of the 'mprotect' system call. The issue arises from a recent change that added a type check for swap entries, which inadvertently introduced a kernel bug. The vulnerability can crash the kernel by triggering a 'BUG' condition when the 'pfn_swap_entry_to_page' function is called with a genuine swap entry. The problem occurs because the function does not properly validate the type of the swap entry before referencing it, particularly in cases of write migration entries where the page is actively used.
Exploitation of this vulnerability causes a kernel panic, leading to a system crash.
The vulnerability can be reproduced by invoking the 'mprotect' system call with a genuine swap entry that is a write migration entry. This can be done by creating a scenario where the swap entry is active and then applying the 'mprotect' call, which will trigger the improper handling and cause a kernel crash.