{"uuid": "6f78f717-5b7d-4e2a-b4cd-4758f83cfd75", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-42234", "type": "seen", "source": "https://t.me/cvedetector/2707", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-42234 - Linux Kernel Folio Migration Double Free Vulnerability (DD) - memcontrol\", \n  \"Content\": \"CVE ID : CVE-2024-42234 \nPublished : Aug. 7, 2024, 4:15 p.m. | 15\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nmm: fix crashes from deferred split racing folio migration  \n  \nEven on 6.10-rc6, I've been seeing elusive \"Bad page state\"s (often on  \nflags when freeing, yet the flags shown are not bad: PG_locked had been  \nset and cleared??), and VM_BUG_ON_PAGE(page_ref_count(page) == 0)s from  \ndeferred_split_scan()'s folio_put(), and a variety of other BUG and WARN  \nsymptoms implying double free by deferred split and large folio migration.  \n  \n6.7 commit 9bcef5973e31 (\"mm: memcg: fix split queue list crash when large  \nfolio migration\") was right to fix the memcg-dependent locking broken in  \n85ce2c517ade (\"memcontrol: only transfer the memcg data for migration\"),  \nbut missed a subtlety of deferred_split_scan(): it moves folios to its own  \nlocal list to work on them without split_queue_lock, during which time  \nfolio->_deferred_list is not empty, but even the \"right\" lock does nothing  \nto secure the folio and the list it is on.  
\n  \nFortunately, deferred_split_scan() is careful to use folio_try_get(): so  \nfolio_migrate_mapping() can avoid the race by folio_undo_large_rmappable()  \nwhile the old folio's reference count is temporarily frozen to 0 - adding  \nsuch a freeze in the !mapping case too (originally, folio lock and  \nunmapping and no swap cache left an anon folio unreachable, so no freezing  \nwas needed there: but the deferred split queue offers a way to reach it). \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-07T18:38:48.000000Z"}