
Cloud Vulnerability DB
A community-led vulnerabilities database
In the Linux kernel, a vulnerability (CVE-2024-56673) was discovered in the RISC-V memory management subsystem. The issue affects the vmemmap page table teardown process when using RV64 with SPARSEMEM_VMEMMAP. The vulnerability was disclosed on December 27, 2024, and affects Linux kernel versions from 6.11 up to (excluding) 6.12.6, as well as versions 6.13-rc1 and 6.13-rc2 (NVD).
The vulnerability stems from incorrect handling of page middle directory (PMD) destructors during vmemmap page table teardown. The vmemmap's page tables are populated using PMD hugetables, but the PMD allocation doesn't use the generic VMA code mechanism or RISC-V specific mapping functions. Instead, it directly allocates a page and calls vmemmap_set_pmd(). This results in the PMD constructor not being called. However, during teardown, the code incorrectly calls the PMD destructor unconditionally, leading to a system crash (Kernel Patch).
When exploited, this vulnerability can result in a kernel panic and system crash. This was particularly observed when running HMM (Heterogeneous Memory Management) selftests, specifically when unloading the test_hmm.ko module. The issue manifests as a kernel BUG with VM_BUG_ON_PAGE assertions, leading to fatal exceptions in interrupt handling (NVD).
The vulnerability has been patched by adding a check to avoid calling the PMD destructor if the calling context is vmemmap_free(). Users are advised to upgrade to Linux kernel version 6.12.6 or later, which contains the fix. The patch has been backported to affected stable kernel versions (Kernel Patch).
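The constructor/destructor imbalance and the shape of the fix described above can be reproduced in a small user-space model. This is an added example, not kernel code or the patch itself; every type, function and the is_vmemmap parameter are hypothetical names chosen for the model, and the failed kernel assertion is represented by a -1 return value.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
/* User-space model; all names here are hypothetical, not kernel API. */
struct pt_page {
    unsigned long ctor_state; /* field the constructor resets to 0 */
    bool freed;
};

static void model_pmd_ctor(struct pt_page *p) { p->ctor_state = 0; }

/* Valid only on a constructed page. The kernel asserts (VM_BUG_ON_PAGE);
 * the model reports the failed assertion as -1 instead of crashing. */
static int model_pmd_dtor(const struct pt_page *p) { return p->ctor_state == 0 ? 0 : -1; }

/* A recycled page arrives with stale contents (0xAA fill is constructed). */
static void raw_alloc(struct pt_page *p) { memset(p, 0xAA, sizeof(*p)); p->freed = false; }

/* Generic path: allocation is paired with the constructor. */
static void alloc_generic(struct pt_page *p) { raw_alloc(p); model_pmd_ctor(p); }

/* vmemmap path: page allocated and installed directly, constructor never runs. */
static void alloc_vmemmap(struct pt_page *p) { raw_alloc(p); }

/* Before the fix: destructor runs unconditionally on teardown. */
static int teardown_unpatched(struct pt_page *p)
{
    if (model_pmd_dtor(p) != 0)
        return -1; /* models the kernel BUG and panic */
    p->freed = true;
    return 0;
}

/* After the fix: the vmemmap_free() context skips the destructor. */
static int teardown_patched(struct pt_page *p, bool is_vmemmap)
{
    if (!is_vmemmap && model_pmd_dtor(p) != 0)
        return -1;
    p->freed = true;
    return 0;
}

int main(void)
{
    struct pt_page p;
    alloc_vmemmap(&p); printf("unpatched vmemmap teardown: %d\n", teardown_unpatched(&p));
    alloc_vmemmap(&p); printf("patched vmemmap teardown:   %d\n", teardown_patched(&p, true));
    alloc_generic(&p); printf("patched generic teardown:   %d\n", teardown_patched(&p, false));
    return 0;
}
```

The generic path still runs the destructor after the fix, so pages that were constructed keep their paired cleanup.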
Source: This report was generated using AI