Linux Kernel Race Condition Vulnerability in Hugetlb Memory Management

Vulnerability

A race condition vulnerability has been identified in the Linux kernel's memory management system, specifically in the handling of hugetlb (huge page) memory. The issue arises in the 'smaps_hugetlb_range' function, which processes page table entries without holding the necessary lock. Without that lock, a page table entry can be modified concurrently during memory migration, and the kernel hits a system error when it then tries to access a page that has been swapped out. The vulnerability affects several versions of the Linux kernel.

Impact

Triggering this race condition causes a system error that disrupts normal operation and can potentially lead to a denial of service.

Reproduction

The vulnerability can be reproduced by invoking the 'smaps_hugetlb_range' function while the pages it walks are simultaneously being migrated. The function is exercised when the hugetlb-related fields of '/proc/PID/smaps' are produced, so reading the smaps file of a process with hugetlb mappings while those pages are being migrated triggers the race.
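The fields involved are the Shared_Hugetlb and Private_Hugetlb lines of '/proc/PID/smaps'. The following shell snippet is an added example, not part of the advisory or of the kernel tree: it parses an smaps dump and reports how much hugetlb memory each mapping carries, which is a quick way for a defender to inventory which processes on a host actually exercise this code path. The smaps excerpt embedded in it is constructed for illustration, and the 'hugetlb_users' helper that scans live processes is assumed to be run with enough privilege to read other processes' smaps files.

```shell
#!/bin/sh
# Added example (not from the advisory or the kernel sources): summarize the
# hugetlb fields of a /proc/PID/smaps dump.

# Constructed smaps excerpt: one 2 MiB hugetlb mapping and one ordinary mapping.
SAMPLE_SMAPS='7f0000000000-7f0000200000 rw-s 00000000 00:0f 1234 /dev/hugepages/seg
Size:               2048 kB
KernelPageSize:     2048 kB
MMUPageSize:        2048 kB
Rss:                   0 kB
Shared_Hugetlb:     2048 kB
Private_Hugetlb:       0 kB
7f0000400000-7f0000600000 rw-p 00000000 00:00 0
Size:                128 kB
KernelPageSize:        4 kB
MMUPageSize:           4 kB
Rss:                 128 kB
Shared_Hugetlb:        0 kB
Private_Hugetlb:       0 kB
'

# hugetlb_summary: read smaps text on stdin and print the total Shared_Hugetlb
# and Private_Hugetlb sizes (kB) plus the number of mappings that use hugetlb.
hugetlb_summary() {
    awk '
        # A mapping header looks like "start-end perms offset dev inode [path]".
        /^[0-9a-f]+-[0-9a-f]+ / { if (cur > 0) used++; cur = 0 }
        /^Shared_Hugetlb:/      { shared  += $2; cur += $2 }
        /^Private_Hugetlb:/     { private += $2; cur += $2 }
        END {
            if (cur > 0) used++
            printf "shared_kb=%d private_kb=%d hugetlb_mappings=%d\n", shared, private, used
        }
    '
}

# hugetlb_users: list live processes whose smaps report any hugetlb usage.
# Reading another process's smaps normally requires root (assumption: run as root).
hugetlb_users() {
    for smaps in /proc/[0-9]*/smaps; do
        pid=${smaps#/proc/}
        pid=${pid%/smaps}
        summary=$(hugetlb_summary < "$smaps" 2>/dev/null) || continue
        case "$summary" in
            *hugetlb_mappings=0) ;;
            *) printf '%s %s\n' "$pid" "$summary" ;;
        esac
    done
}

# Demonstration on the constructed excerpt.
printf '%s' "$SAMPLE_SMAPS" | hugetlb_summary
```

Run against a real host, 'hugetlb_users' prints one line per process with hugetlb mappings; on the constructed excerpt 'hugetlb_summary' reports a single mapping holding 2048 kB of shared hugetlb memory.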

Remediation

The vulnerability has been addressed by modifying the 'smaps_hugetlb_range' function to take the necessary lock, so that page table entries are read safely without interference from concurrent migrations.

Added: Sep 11, 2025, 6:25 PM
Updated: Sep 11, 2025, 6:25 PM

Vulnerability Rating

Custom Algorithm

  spread          9.0
  impact          2.5
  exploitability  3.9
  remediation     7.7
  relevance       0.5
  threat          4.8
  urgency         2.9
  incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.