Linux Kernel Contiguous Page Table Access Flags No-Op Vulnerability on Arm64

Vulnerability

A vulnerability in the Linux kernel's handling of contiguous page table entries on the Arm64 architecture can lead to an infinite fault loop. The issue is in the 'contpte_ptep_set_access_flags' function, which incorrectly assesses the access flags of page table entries (PTEs) in a contiguous block: it evaluates access and dirty state gathered across the whole block rather than the state of the individual sub-PTE that faulted. The vulnerability is present in Linux kernel versions prior to the fix applied in March 2026.

Impact

The vulnerability can cause page table walkers to enter an infinite fault loop, repeatedly faulting on a target sub-PTE that has not been updated, while only a sibling PTE has changed. This can disrupt normal memory management operations and potentially lead to degraded system performance or stability.

Reproduction

The vulnerability can be reproduced on a CPU without DBM support, on an SMMU without HTTU, or with HA/HD disabled in CD.TCR. Under these conditions, the 'contpte_ptep_set_access_flags' function gathers access and dirty state across the whole CONT block, which can produce a false no-op when only a sibling PTE has been updated. The function then leaves the target sub-PTE unchanged, so the page-table walker faults on it again, leading to an infinite fault loop.
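The false no-op described above, as an added example that is a simplified user-space model and not kernel code: the block size, the flag bit, the fault bound and all function names are assumptions made for illustration, and the per-PTE check is one conservative comparison, not necessarily the upstream fix.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define CONT_PTES  16         /* modelled size of one CONT block */
#define PTE_AF     (1u << 0)  /* modelled "accessed" bit, not the real encoding */
#define MAX_FAULTS 8          /* bound so the model terminates */
typedef uint32_t pte_t;

/* No-op test on the gathered view: flags OR-ed across the whole block. */
static bool noop_gathered(const pte_t *blk, pte_t want)
{
    pte_t all = 0;
    for (int i = 0; i < CONT_PTES; i++)
        all |= blk[i];
    return (all & want) == want;
}

/* Stricter test: every sub-PTE must already carry the requested flags. */
static bool noop_per_pte(const pte_t *blk, pte_t want)
{
    for (int i = 0; i < CONT_PTES; i++)
        if ((blk[i] & want) != want)
            return false;
    return true;
}

/* A walker without hardware AF updates reads only sub-PTE idx and faults
 * until that entry has AF set. Returns the number of faults taken, or
 * MAX_FAULTS if the handler never makes progress. */
static int faults_until_progress(bool (*noop)(const pte_t *, pte_t),
                                 int sibling, int idx)
{
    pte_t blk[CONT_PTES] = {0};
    int faults = 0;
    blk[sibling] = PTE_AF;              /* only a sibling has been updated */
    while (!(blk[idx] & PTE_AF) && faults < MAX_FAULTS) {
        faults++;                       /* fault on the target sub-PTE */
        if (noop(blk, PTE_AF))
            continue;                   /* treated as no-op: nothing changes */
        for (int i = 0; i < CONT_PTES; i++)
            blk[i] |= PTE_AF;           /* update every entry in the block */
    }
    return faults;
}

int main(void)
{
    printf("gathered: %d\n", faults_until_progress(noop_gathered, 3, 7));
    printf("per-PTE:  %d\n", faults_until_progress(noop_per_pte, 3, 7));
    return 0;
}
```

With the gathered check the model hits the fault bound because the target entry is never written; with the per-PTE check it resolves after a single fault.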

Remediation

Users can upgrade to the latest version of the Linux kernel stable tree, where this vulnerability has been addressed.

Added: May 13, 2026, 5:31 PM
Updated: May 13, 2026, 5:31 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 3.9
remediation: 7.7
relevance: 8.3
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.