Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability exists in the Linux kernel's memory hotplug and HWPoison handling, specifically in versions prior to 6.13.0. The issue arises because the folio lock is not held before unmapping HWPoisoned folios, which can lead to a kernel bug. The vulnerability was introduced by a commit that allowed HWPoisoned pages to be offlined but failed to ensure proper locking before unmapping, creating a potential for memory management errors.
Unmapping a HWPoisoned folio without the proper lock can cause a kernel bug, leading to internal errors and potential instability in the system.
The vulnerability can be reproduced by offlining HWPoisoned pages without first locking the corresponding folio. This can be done by triggering a memory hotplug action that attempts to offline HWPoisoned pages, while bypassing the necessary locking mechanism. The resulting unmap operation will generate a kernel bug, indicating that a folio was improperly handled.
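A triage check for the two preconditions described above, a kernel older than 6.13.0 and HWPoisoned pages present on the host. This is an added example, not code from the advisory or the kernel project. The function names and verdict strings are hypothetical, and the version comparison looks only at the upstream release number, so it cannot see a distribution backport of the fix.

```shell
#!/bin/sh
# Added triage example: flags hosts where an affected kernel and
# HWPoisoned memory coexist. Names and verdict strings are hypothetical.

FIXED="6.13.0"   # from the advisory: versions prior to 6.13.0 are affected

# Succeeds if kernel release $1 (e.g. "6.8.0-45-generic") sorts before $FIXED.
# Assumption: upstream numbering only; distro backports are not detected.
release_is_older() {
    echo "${1%%[-+]*} $FIXED" | awk '{
        split($1, r, "."); split($2, f, ".")
        for (i = 1; i <= 3; i++) {
            if (r[i] + 0 < f[i] + 0) exit 0
            if (r[i] + 0 > f[i] + 0) exit 1
        }
        exit 1   # equal to the fixed release: not older
    }'
}

# Reads /proc/meminfo-format text on stdin and prints the kB of memory the
# kernel has marked HWPoisoned (0 if the HardwareCorrupted line is absent).
poisoned_kb() {
    awk '$1 == "HardwareCorrupted:" { kb = $2 } END { print kb + 0 }'
}

# $1 = kernel release, meminfo text on stdin. Prints one verdict.
assess() {
    kb=$(poisoned_kb)
    if ! release_is_older "$1"; then
        echo "not-affected"
    elif [ "$kb" -gt 0 ]; then
        # Poisoned pages exist: hold off on memory offlining until patched.
        echo "at-risk"
    else
        echo "affected-no-poison"
    fi
}

# Constructed sample input (not from a real host): one poisoned 4 kB page.
SAMPLE='MemTotal:       16303428 kB
HardwareCorrupted:     4 kB'
printf '%s\n' "$SAMPLE" | assess "6.8.0-45-generic"

# Live check on the local host, when /proc/meminfo is available.
if [ -r /proc/meminfo ]; then
    assess "$(uname -r)" < /proc/meminfo
fi
```

An `at-risk` verdict means both conditions from the description are present; whether memory offlining is actually used on the host still has to be checked separately.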