Linux Kernel Migration Type Inconsistency Vulnerability in Page Allocation

A vulnerability in the Linux kernel's page allocation mechanism can lead to migration type inconsistencies. When a page is freed, it merges with a buddy page to form a larger one. The migration type of the buddy page is supposed to be updated to match the freed page. However, only the first pageblock of the buddy is updated, leaving the others unchanged. This oversight triggers warnings in subsequent operations, such as 'expand()', due to the introduced inconsistency between the migration types.

Impact

Exploitation of this vulnerability causes kernel warnings about migration type inconsistencies, which can disrupt normal memory management operations.

Reproduction

The vulnerability can be reproduced by freeing a page that coalesces with a buddy page of a different migration type. Only the first pageblock of the buddy page will have its migration type updated, while the remaining pageblocks will be left unchanged. This can be verified by observing the kernel warnings generated during the 'expand()' function, which will indicate a mismatch in the expected migration types.

Remediation

Users can upgrade to the patched version of the Linux kernel available in the Linux Kernel Stable Tree.