CVE-2024-53105: 
Linux Kernel vulnerability analysis and mitigation

A vulnerability in the Linux kernel's memory management subsystem was discovered where pages being freed using freepage() still had an mlocked flag at freepages_prepare() stage. The issue was identified by Syzbot and has been assigned CVE-2024-53105. The vulnerability affects the memory management (mm) subsystem, specifically the page allocation mechanism (Kernel Git).

The vulnerability was caused by a page being freed while still having the mlocked flag set, resulting in a bad page state. This occurred when using lower-level getpage()/freepage() APIs, particularly in KVM (Kernel Virtual Machine) usage. The issue was originally introduced by commit b109b87050df which focused on handling pagecache and anonymous memory but wasn't suitable for these lower-level APIs (Kernel Git).

The bug is considered relatively harmless, primarily causing warning messages in system logs. However, it does result in a small memory leak as 'bad' pages are prevented from being reallocated. This could potentially lead to gradual system memory degradation over time (Kernel Git).

The issue has been fixed by moving the mlocked flag clearance down to freepageprepare(). This patch has been merged into the Linux kernel and is available in updated versions. The fix is included in various distribution updates, including Debian 11 (bullseye) version 6.1.128-1~deb11u1 (Debian LTS).