Linux Kernel NULL Pointer Dereference Vulnerability in Huge Memory Management

Vulnerability

A NULL pointer dereference vulnerability has been identified in the Linux kernel's huge page memory management. It affects shmem folios that are in the swap cache and folios that have been truncated, both of which can have a NULL mapping pointer. The bug was introduced by a commit that added an early check on the folio's order by reading mapping->flags; when the mapping is NULL, that read is a NULL pointer dereference.

Impact

Triggering this vulnerability causes a NULL pointer dereference in the kernel, crashing the affected system or application.

Reproduction

The vulnerability can be reproduced with a shmem folio that is either truncated or in the swap cache. When such a folio is passed to the 'split_huge_page_to_list_to_order' function, the NULL pointer dereference occurs.
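The defect described in the Vulnerability and Reproduction sections, as a simplified user-space model added here for illustration; it is not the kernel's own code. The struct and function names are borrowed from the kernel for readability, but the layout, the flag bit and the -EBUSY return chosen for a NULL mapping are assumptions of the model.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed flag bit standing in for the kernel's large-folio support flag (assumption). */
#define AS_LARGE_FOLIO_SUPPORT 0x1UL
struct address_space { unsigned long flags; };
struct folio {
    struct address_space *mapping;  /* NULL for a truncated or swap-cache shmem folio */
    bool anon;                      /* anonymous folios never consult mapping->flags */
};

/* Reads through the mapping pointer; the caller must guarantee it is non-NULL. */
static bool mapping_large_folio_support(const struct address_space *mapping)
{
    return (mapping->flags & AS_LARGE_FOLIO_SUPPORT) != 0;
}

/* Buggy early check: every non-anonymous folio reaches mapping->flags, so a
 * truncated or swap-cache shmem folio (mapping == NULL) dereferences NULL. */
static int split_order_check_buggy(const struct folio *folio, unsigned int new_order)
{
    if (!folio->anon && new_order && !mapping_large_folio_support(folio->mapping))
        return -EINVAL;
    return 0;
}

/* Guarded check: a NULL mapping is refused before anything reads through it.
 * Returning -EBUSY here is an assumption of this model, not the kernel's exact fix. */
static int split_order_check_fixed(const struct folio *folio, unsigned int new_order)
{
    if (!folio->anon) {
        if (!folio->mapping)
            return -EBUSY;
        if (new_order && !mapping_large_folio_support(folio->mapping))
            return -EINVAL;
    }
    return 0;
}

int main(void)
{
    struct address_space shmem = { .flags = AS_LARGE_FOLIO_SUPPORT };
    struct folio live = { .mapping = &shmem, .anon = false };
    struct folio truncated = { .mapping = NULL, .anon = false };  /* constructed: mapping already cleared */
    printf("live: buggy=%d fixed=%d; truncated: fixed=%d (buggy check would crash here)\n",
           split_order_check_buggy(&live, 1), split_order_check_fixed(&live, 1),
           split_order_check_fixed(&truncated, 1));
    return 0;
}
```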

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the official Linux kernel website.

Added: Dec 16, 2025, 6:29 PM
Updated: Dec 16, 2025, 6:29 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 1.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.