A flaw was found in the Linux kernel: a NULL pointer dereference in the hugetlbfs_fill_super() function of hugetlbfs (HugeTLB pages). The issue presents when we attempt to update the pagesize value to an invalid size with the fsconfig syscall. This syscall eventually calls hugetlbfs_parse_param(), which sets the hstate value to NULL if the value passed is not a valid page size. If we then attempt to update the filesystem again with a fsconfig syscall, specifically with the FSCONFIG_CMD_CREATE option, we then attempt to dereference that NULL pointer within hugetlbfs_fill_super(), causing a panic.
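The failure sequence described in the report, as an added user-space model that is neither the kernel's code nor the reporter's: the hstate table, the page sizes and the function names are assumptions that mirror the roles named above (parse_param, the fsconfig create step, fill_super), and the hardened parser shows one way to keep a rejected value from poisoning the context.

```c
#include <errno.h>
#include <stddef.h>

/* Constructed model of the two hugetlbfs steps named in the report; not the kernel's code. */
struct hstate { size_t page_size; };
struct fs_context { struct hstate *hstate; };

/* Hypothetical table standing in for the kernel's hstates[]: 2 MiB and 1 GiB pages. */
static struct hstate hstates[] = { { 2UL << 20 }, { 1UL << 30 } };
static struct hstate *size_to_hstate(size_t size) {
    for (size_t i = 0; i < sizeof hstates / sizeof hstates[0]; i++)
        if (hstates[i].page_size == size)
            return &hstates[i];
    return NULL;   /* not a supported huge page size */
}

/* Flawed pattern from the report: ctx->hstate is overwritten before the lookup
 * result is checked, so a rejected pagesize leaves NULL behind in the context. */
static int parse_pagesize_flawed(struct fs_context *ctx, size_t size) {
    ctx->hstate = size_to_hstate(size);
    return ctx->hstate ? 0 : -EINVAL;
}

/* Hardened pattern: validate into a local and commit only a non-NULL value,
 * so an invalid fsconfig value cannot poison state read by a later command. */
static int parse_pagesize_fixed(struct fs_context *ctx, size_t size) {
    struct hstate *h = size_to_hstate(size);
    if (!h)
        return -EINVAL;
    ctx->hstate = h;
    return 0;
}

/* Stand-in for the FSCONFIG_CMD_CREATE step. The report describes fill_super
 * reading through ctx->hstate unconditionally (the NULL dereference); this
 * guard is the defence-in-depth check that turns a panic into a clean -EINVAL. */
static long fill_super(const struct fs_context *ctx) {
    if (!ctx->hstate)
        return -EINVAL;
    return (long)ctx->hstate->page_size;
}

/* Replays the reported sequence: valid pagesize, invalid pagesize, then create.
 * Returns the page size the superblock ends up with, or -EINVAL. */
static long replay(int (*parse)(struct fs_context *, size_t)) {
    struct fs_context ctx = { .hstate = NULL };
    parse(&ctx, 2UL << 20);   /* accepted */
    parse(&ctx, 12345);       /* rejected; the flawed parser also clobbers ctx->hstate */
    return fill_super(&ctx);  /* flawed: -EINVAL (NULL hstate); fixed: 2 MiB survives */
}
```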
Hey Alex, When are we planning on lifting the embargo? I need to know so that I can plan how I'm going to submit the patch upstream. Thanks!
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 2260734]
In reply to comment #9:
> Hey Alex,
>
> When are we planning on lifting the embargo? I need to know so that I can
> plan how I'm going to submit the patch upstream. Thanks!

Unembargoed.
(In reply to Audra Mitchell from comment #9)
> Hey Alex,
>
> When are we planning on lifting the embargo? I need to know so that I can
> plan how I'm going to submit the patch upstream. Thanks!

Alex, once this has been submitted upstream, can you post a cross reference here? Would be much appreciated!

Regards,
Salvatore
This issue has been addressed in the following products:
Red Hat Enterprise Linux 9
Via RHSA-2024:2394 https://access.redhat.com/errata/RHSA-2024:2394