CVE-2024-49873: 
Linux Kernel vulnerability analysis and mitigation

A vulnerability in the Linux kernel's memory management subsystem has been identified as CVE-2024-49873. The issue occurs in the filemapgetfolioscontig function when using memfdpin_folios with hugetlb pages and Transparent Huge Pages (THP). The vulnerability was discovered and patched in October 2024, affecting Linux kernel versions from 6.11 up to (excluding) 6.11.3 (NVD).

The vulnerability manifests as a NULL pointer dereference when the starting offset passed to memfdpinfolios is not huge page aligned. The bug occurs because memfdpinfolios does not round the indices passed to filemapgetfolios_contig to huge page boundaries for THP, resulting in loading from the middle of a huge page range and encountering a sibling entry. The issue has been assigned a CVSS v3.1 base score of 5.5 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD, Kernel Patch).

When exploited, this vulnerability can cause a kernel panic through NULL pointer dereference, leading to a denial of service condition. The bug specifically affects systems using THP (Transparent Huge Pages) when the memfdpinfolios function is called with non-aligned offsets (NVD).

The issue has been fixed in the Linux kernel through a patch that adds a check for xarray sibling entries in the filemapgetfolios_contig function. When a sibling entry is encountered, the code now properly handles it by continuing at the end of the THP range (Kernel Patch).