Linux Kernel VMA Anon VMA Race Condition Vulnerability in Khugepaged Component

Vulnerability

A vulnerability has been identified in the Linux kernel's khugepaged component, related to a race condition involving the virtual memory area (VMA) and its associated anon_vma. The issue arises when the collapse_and_free_pmd() function attempts to remove page tables without properly locking the anon_vma, allowing for concurrent access and potential use-after-free errors. This vulnerability can trigger a lockdep warning and disrupt normal memory management operations.

Impact

Exploitation of this vulnerability can cause a use-after-free condition, leading to memory corruption and potential arbitrary code execution.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

3.5

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

3.5

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel VMA Anon VMA Race Condition Vulnerability in Khugepaged Component

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating