Linux Kernel Memory Corruption Vulnerability in HugeTLB Handling

Vulnerability

A vulnerability in the Linux kernel's handling of huge pages can lead to memory corruption or information leaks. The issue arises in the hugetlb_no_page() function, which calls folio_zero_user() with a fault address that may not be properly aligned with the huge page size. This misalignment can cause clear_gigantic_page() to receive an address that violates its alignment requirements. The vulnerability has been addressed by ensuring that the fault address is aligned with the huge page size and by renaming the address parameter for clarity.
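The alignment requirement described above, shown as an added user-space model (not kernel code and not part of the original advisory). It assumes the clearing loop associates subpage i with the address start + i * base page size; the page sizes, function names and fault address are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define BASE_PAGE_SIZE 4096UL                  /* assumed base page size */
#define HUGE_PAGE_SIZE (2UL * 1024 * 1024)     /* assumed huge page size (2 MiB) */

/* Round addr down to a multiple of size (size must be a power of two). */
static uint64_t align_down(uint64_t addr, uint64_t size)
{
    return addr & ~(size - 1);
}

/*
 * Model of a per-subpage clear loop: subpage i is paired with the user
 * address start + i * BASE_PAGE_SIZE. Returns how many of those addresses
 * fall outside the huge page mapping that contains fault_addr.
 */
static unsigned long subpages_outside_mapping(uint64_t start, uint64_t fault_addr)
{
    uint64_t map_start = align_down(fault_addr, HUGE_PAGE_SIZE);
    uint64_t map_end = map_start + HUGE_PAGE_SIZE;
    unsigned long outside = 0;

    for (uint64_t i = 0; i < HUGE_PAGE_SIZE / BASE_PAGE_SIZE; i++) {
        uint64_t vaddr = start + i * BASE_PAGE_SIZE;
        if (vaddr < map_start || vaddr >= map_end)
            outside++;
    }
    return outside;
}

int main(void)
{
    /* Constructed fault address: 3 base pages + 0x123 into a huge page. */
    uint64_t fault = 0x7f0000000000ULL + 3 * BASE_PAGE_SIZE + 0x123;

    /* Passing the raw fault address: the tail of the loop leaves the mapping. */
    printf("unaligned start: %lu subpage addresses outside the mapping\n",
           subpages_outside_mapping(fault, fault));
    /* Passing the huge-page-aligned address: every subpage stays inside. */
    printf("aligned start:   %lu subpage addresses outside the mapping\n",
           subpages_outside_mapping(align_down(fault, HUGE_PAGE_SIZE), fault));
    return 0;
}
```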

Impact

The vulnerability can cause memory corruption or information leaks.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 3.1
exploitability: 5.3
remediation: 0.0
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.