CVE-2024-35877: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-35877 affects the Linux kernel's x86/mm/pat subsystem, specifically in handling VM_PAT for Copy-On-Write (COW) mappings. The vulnerability was discovered in May 2024 and affects the Linux kernel's memory management system (Kernel Git).

The vulnerability occurs in the PAT (Page Attribute Table) handling mechanism where PTEs can be replaced during write faults to point at anonymous folios in COW mappings. The issue prevents reliable recovery of the correct PFN and cachemode using followphys() from PTEs in COW mappings, potentially leading to incorrect address protection handling or failures in followphys() operations (Kernel Git).

The vulnerability can result in memory leaks and system warnings due to improper handling of memory types. When triggered, it can cause WARNONONCE() in untrackpfn() and trackpfncopy() functions, and may lead to improper calling of freepfn_range(), potentially affecting system stability (Kernel Git).

The issue has been fixed by updating followphys() to refuse returning anon folios and implementing a fallback mechanism to use the stored PFN inside vma->vmpgoff for COW mappings. The fix is included in various Linux distribution updates including Red Hat Enterprise Linux (Red Hat) and Ubuntu (Ubuntu).