CVE-2024-42234

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Aug 7, 2024
Updated: Aug 8, 2024
CWE ID 415

Summary

CVE-2024-42234 is a Linux kernel vulnerability in which deferred split racing with folio migration causes crashes. The issue was caused by a subtlety in the deferred_split_scan() function: a folio's reference count could temporarily drop to zero during migration, leaving it open to a double free. Symptoms vary and include BUG and WARN messages that imply a double free by deferred split and large folio migration. The vulnerability was addressed by adding a freeze on the folio's reference count during deferred split processing to prevent the double free race. An earlier commit in version 6.7 had addressed memcg-dependent locking issues but missed the subtlety of the folio_try_get() call used in deferred_split_scan(). This vulnerability could potentially allow an attacker to manipulate memory and cause system crashes.
