
Cloud Vulnerability DB
A community-led vulnerabilities database
A subtle maple tree corruption bug has been discovered in the Linux kernel that has existed since the inception of the algorithm. The vulnerability (CVE-2024-50200) became more prominent after commit f8d112a4e657 ("mm/mmap: avoid zeroing vma tree in mmap_region()"). The bug occurs when attempting to perform a spanning store across two leaf nodes, where the right leaf node is the rightmost child of the shared parent, and the store completely consumes the rightmost node (Kernel Git).
The vulnerability arises in the `mas_wr_spanning_store()` function, where it mistakenly duplicates new and existing entries at the maximum pivot within the range, leading to maple tree corruption. The issue occurs during the store operation when it attempts to overwrite overlapping ranges and adjust the tree. When a spanning store is required, the function stops at the parent node containing the target range, and `mas_wr_store_type()` marks the `mas->store_type` as `wr_spanning_store` (Kernel Git).
The vulnerability results in maple tree corruption, which can lead to system instability. This was particularly observed after the release of kernel v6.12-rc1, where users encountered mm instability that was later identified as maple tree corruption through the use of `CONFIG_DEBUG_VM_MAPLE_TREE` and similar configuration options (Kernel Git).
A fix has been implemented that detects if the right-hand node is populated by checking if the maximum value present exceeds the last, rather than basing this on offset position. The patch also updates comments and eliminates the unused bool return value in `mas_wr_walk_index()`. The fix has been tested and confirmed to resolve the issues by both Bert Karwatzki and Mikhail Gavrilov (Kernel Git).
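The following is an added, simplified model of that populated-node check; it is not the kernel's code. The `struct leaf` layout, the `walk()` helper, the function names and the sample pivots are hypothetical, and it assumes the right-hand walk targets `last + 1` and stops at the node's last used slot.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Toy leaf: pivots[i] is the last index covered by slot i; end is the last used slot. */
struct leaf {
    unsigned long pivots[4];
    size_t end;
};

/* Walk to idx: first slot whose pivot >= idx, clamped to the last used slot. */
static size_t walk(const struct leaf *n, unsigned long idx)
{
    size_t i = 0;
    while (i < n->end && n->pivots[i] < idx)
        i++;
    return i;
}

/* Offset-based test: the walk clamps offset to end, so this is always true. */
static bool populated_by_offset(const struct leaf *n, unsigned long last)
{
    return walk(n, last + 1) <= n->end;
}

/* Max-based test described for the fix: data remains only past 'last'. */
static bool populated_by_max(const struct leaf *n, unsigned long last)
{
    return n->pivots[n->end] > last;
}

/* Old entries copied although the store already covers them (pivot <= last). */
size_t stale_copies(const struct leaf *n, unsigned long last, bool use_max)
{
    bool copy = use_max ? populated_by_max(n, last) : populated_by_offset(n, last);
    size_t stale = 0;
    for (size_t i = walk(n, last + 1); copy && i <= n->end; i++)
        if (n->pivots[i] <= last)
            stale++;
    return stale;
}

int main(void)
{
    struct leaf right = { { 0x10ff, 0x11ff, 0x12ff }, 2 }; /* constructed sample */
    printf("offset check, full consume: %zu stale\n", stale_copies(&right, 0x12ff, false));
    printf("max check, full consume:    %zu stale\n", stale_copies(&right, 0x12ff, true));
    return 0;
}
```

In this model the two tests agree whenever the store ends inside the node, and differ only when the store's last index equals the node's maximum, which is the case the page describes.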
Source: This report was generated using AI