Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
In the Linux kernel, the following vulnerability has been resolved:mm: cachestat: fix folio read-after-free in cache walkIn cachestat, we access the folio from the page cache's xarray to computeits page offset, and check for its dirty and writeback flags. However, wedo not hold a reference to the folio before performing these actions,which means the folio can concurrently be released and reused as anotherfolio/page/slab.Get around this altogether by just using xarray's existing machinery forthe folio page offsets and dirty/writeback states.This changes behavior for tmpfs files to now always report zeroes in theirdirty and writeback counters. This is okay as tmpfs doesn't followconventional writeback cache behavior: its pages get "cleaned" duringswapout, after which they're no longer resident etc.
No PoCs from references.
- https://github.com/fkie-cad/nvd-json-data-feeds