On Linux 3.6 and later is is possible to leak or corrupt data that resides on hugetlbs. Such data can reside on hugetlbfs, for instance, if the victim runs mmap() using the MAP_HUGETLB or shmget() with SHM_HUGETLB. The bug is caused due to a missing TLB flush when unmapping of a page of PMDs is performed by clearing a PUD. While the comment in the code claims that it is safe, it is not since no flush would take place under these circumstances (unless, of course it was needed for some other reason).
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 2026926]
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:1975 https://access.redhat.com/errata/RHSA-2022:1975
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:1988 https://access.redhat.com/errata/RHSA-2022:1988
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-4002