CVE-2024-50222: 
CBL Mariner vulnerability analysis and mitigation

A vulnerability in the Linux kernel's ioviter component has been identified as CVE-2024-50222. The issue affects the copypagefromiteratomic() function when CONFIGDEBUGKMAPLOCALFORCEMAP is enabled with highmem on x86_32 systems. The vulnerability was discovered and reported by Hugh Dickins, with the fix being merged in October 2024 (Kernel Patch).

The vulnerability occurs in the copypagefromiteratomic() function when handling compound highmem pages with CONFIGDEBUGKMAPLOCALFORCEMAP enabled. On x8632 systems with highmem and huge=always tmpfs configuration, the system issues a warning at mm/highmem.c:622 kunmaplocalindexed+0x62/0xc9 and then hangs interruptibly. The CVSS v3.1 score for this vulnerability is 7.8 (HIGH) with a vector of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

When exploited, this vulnerability can cause the system to hang in an interruptible state, potentially leading to a denial of service condition. The issue affects Linux kernel versions from 6.6 through 6.6.60, versions 6.7 through 6.11.7, and various release candidates of version 6.12 (rc1 through rc5) (NVD).

The issue has been fixed by modifying the copypagefromiteratomic() function to properly handle cases where CONFIGDEBUGKMAPLOCALFORCEMAP is enabled. The fix involves limiting the function's behavior in such cases, similar to the approach used in skbfragmustloop(). The patch has been merged into the Linux kernel (Kernel Patch).