A bug was discovered in the hwpoison implementation in mm/memory-failure.c in the Linux kernel. When soft_offline_in_use_page() is run for a THP tail page after the PMD is split, a privileged attacker can cause a denial of service (DoS). Privileged access is required for an attacker to trigger this bug; hence, we believe this bug is not a security flaw.

Upstream patches:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=46612b751c4941c5c0472ddf04027e877ae5990f
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c3901e722b2975666f42748340df798114742d6d

Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1695050]

This was fixed for Fedora with the 5.0.4 stable kernel updates.
Note: Privileged access (a real "root") is required for an attacker to trigger this bug. Hence, we believe this bug is not a security flaw. For example, soft_offline_in_use_page() can be called by soft_offline_page(), which in turn is called from madvise_inject_error(), which can be executed only by a privileged user (a real "root"):

    [mm/madvise.c]
    static int madvise_inject_error(int behavior,
                    unsigned long start, unsigned long end)
    {
    ...
            if (!capable(CAP_SYS_ADMIN))
                    return -EPERM;
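To audit which processes could get past the capable(CAP_SYS_ADMIN) gate quoted above, the following added example (not code from this bug report or from the kernel tree) parses the CapEff line of /proc/<pid>/status text and tests the CAP_SYS_ADMIN bit. The function name and the sample status excerpts are constructed for illustration.

```c
/* Added example: not from the bug report or the kernel tree. */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CAP_SYS_ADMIN_BIT 21 /* CAP_SYS_ADMIN in <linux/capability.h> */

/* Constructed /proc/<pid>/status excerpts used as sample input. */
static const char SAMPLE_ROOT[] =
    "Name:\tbash\nUid:\t0\t0\t0\t0\nCapEff:\t000001ffffffffff\n";
static const char SAMPLE_USER[] =
    "Name:\tbash\nUid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000000000\n";
static const char SAMPLE_RESTRICTED[] = /* uid 0, reduced capability set */
    "Name:\tsh\nUid:\t0\t0\t0\t0\nCapEff:\t00000000a80425fb\n";
static const char SAMPLE_BROKEN[] = /* empty CapEff value */
    "Name:\tx\nCapEff:\t\nCapBnd:\t000001ffffffffff\n";

/* Returns 1 if CAP_SYS_ADMIN is in the effective set described by the
 * status text, 0 if it is not, -1 if CapEff is missing or malformed. */
int status_has_cap_sys_admin(const char *status)
{
    const char *line = status;
    while (line && *line) {
        if (strncmp(line, "CapEff:", 7) == 0) {
            const char *q = line + 7;
            while (*q == ' ' || *q == '\t')
                q++;
            /* Reject an empty value; strtoull would otherwise skip the
             * newline and read hex digits from the next line. */
            if (!isxdigit((unsigned char)*q))
                return -1;
            unsigned long long mask = strtoull(q, NULL, 16);
            return (int)((mask >> CAP_SYS_ADMIN_BIT) & 1ULL);
        }
        line = strchr(line, '\n');
        if (line)
            line++;
    }
    return -1;
}

int main(void)
{
    printf("root: %d\n", status_has_cap_sys_admin(SAMPLE_ROOT));
    printf("user: %d\n", status_has_cap_sys_admin(SAMPLE_USER));
    printf("restricted: %d\n", status_has_cap_sys_admin(SAMPLE_RESTRICTED));
    printf("broken: %d\n", status_has_cap_sys_admin(SAMPLE_BROKEN));
    return 0;
}
```

A set bit is necessary but not sufficient: capable() checks the capability against the initial user namespace, so a process that holds CAP_SYS_ADMIN only inside a child user namespace still gets -EPERM.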