Description
In the Linux kernel, the following vulnerability has been resolved: mm,hugetlb: take hugetlb_lock before decrementing h->resv_huge_pages The h->*_huge_pages counters are protected by the hugetlb_lock, but alloc_huge_page has a corner case where it can decrement the counter outside of the lock. This could lead to a corrupted value of h->resv_huge_pages, which we have observed on our systems. Take the hugetlb_lock before decrementing h->resv_huge_pages to avoid a potential race.
Product status
a88c769548047b21f76fd71e04b6a3300ff17160 (git) before 3e50a07b6a5fcd39df1534d3fdaca4292a65efe6
a88c769548047b21f76fd71e04b6a3300ff17160 (git) before 629c986e19fe9481227c7cdfd9a105bbc104d245
a88c769548047b21f76fd71e04b6a3300ff17160 (git) before 2b35432d324898ec41beb27031d2a1a864a4d40e
a88c769548047b21f76fd71e04b6a3300ff17160 (git) before 11993652d0b49e27272db0a37aa828d8a3a4b92b
a88c769548047b21f76fd71e04b6a3300ff17160 (git) before 568e3812b1778b4c0c229649b59977d88f400ece
a88c769548047b21f76fd71e04b6a3300ff17160 (git) before 112a005d1ded04a4b41b6d01833cc0bda90625cc
a88c769548047b21f76fd71e04b6a3300ff17160 (git) before c828fab903725279aa9dc6ae3d44bb7e4778f92c
a88c769548047b21f76fd71e04b6a3300ff17160 (git) before 12df140f0bdfae5dcfc81800970dd7f6f632e00c
3f5fae4d1a3189d95b02b4b45e1218df147122bc (git)
4.4
Any version before 4.4
4.9.332 (semver)
4.14.298 (semver)
4.19.264 (semver)
5.4.223 (semver)
5.10.153 (semver)
5.15.76 (semver)
6.0.6 (semver)
6.1 (original_commit_for_fix)
References
git.kernel.org/...c/3e50a07b6a5fcd39df1534d3fdaca4292a65efe6
git.kernel.org/...c/629c986e19fe9481227c7cdfd9a105bbc104d245
git.kernel.org/...c/2b35432d324898ec41beb27031d2a1a864a4d40e
git.kernel.org/...c/11993652d0b49e27272db0a37aa828d8a3a4b92b
git.kernel.org/...c/568e3812b1778b4c0c229649b59977d88f400ece
git.kernel.org/...c/112a005d1ded04a4b41b6d01833cc0bda90625cc
git.kernel.org/...c/c828fab903725279aa9dc6ae3d44bb7e4778f92c
git.kernel.org/...c/12df140f0bdfae5dcfc81800970dd7f6f632e00c
