Linux Kernel Copy User Gigantic Page Vulnerability Allows Memory Corruption or Information Leak

Vulnerability

A vulnerability in the Linux kernel's handling of huge pages can lead to memory corruption or information leaks. The issue arises in the 'copy_user_gigantic_page()' function, which requires addresses to be aligned with huge page sizes. However, the 'hugetlb_wp()' function currently passes fault addresses that may not be properly aligned. This misalignment can cause 'copy_user_large_folio()' to call 'copy_user_gigantic_page()' with an incorrect address, potentially leading to the mentioned consequences.

Impact

Exploitation of this vulnerability could result in memory corruption or unauthorized information disclosure.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

1.3

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

1.3

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Copy User Gigantic Page Vulnerability Allows Memory Corruption or Information Leak

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating