CVE-2024-26621 tracks a fix in the Linux kernel's memory management code. It matters most to users of 32-bit systems and compat userspace, because the patch resolves two significant issues caused by commit efa7df3e3bb5 ("mm: align larger anonymous mappings on THP boundaries").

The original goal of the commit was to improve memory management efficiency by aligning larger anonymous mappings on huge page boundaries. However, it introduced two unexpected consequences for 32-bit systems and compat userspace, which were reported and discussed in the Linux community:

1. Linux-mm - Memory Management List: Issues with forced THP alignment on 32 bit
2. Forbes - Performance problems: Exploits & vulnerability analysis

The issue: Forced huge page alignment on 32-bit systems

The original commit unintentionally enforced huge page alignment on 32-bit systems, leading to performance degradation and instability due to the limited virtual address space of these systems. Since 32-bit systems only have a 4 GB virtual address space, such alignment constraints can cause memory allocation and fragmentation issues.
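The address-space cost described above can be shown with a small model. This is an added example, not kernel code and not part of the patch: it uses a simplified bottom-up allocator, assumes a 2 MiB huge page size, and uses a constructed request size of one huge page plus one base page.

```c
#include <stdint.h>
#include <stdio.h>
#define PAGE_SZ  4096ULL       /* base page size */
#define HPAGE_SZ (2ULL << 20)  /* 2 MiB huge page, assumed (x86 PMD size) */

struct fill_result {
    uint64_t mappings;   /* mappings that fit */
    uint64_t gap_bytes;  /* address space skipped to reach aligned starts */
};

/* Round addr up to a power-of-two boundary. */
static uint64_t align_up(uint64_t addr, uint64_t align)
{
    return (addr + align - 1) & ~(align - 1);
}

/*
 * Simplified bottom-up allocator, not the kernel's: place mappings of len
 * bytes back to back in [0, space). With thp_align set, mappings of at
 * least HPAGE_SZ start on a huge page boundary; otherwise on a page boundary.
 */
static struct fill_result fill_space(uint64_t space, uint64_t len, int thp_align)
{
    struct fill_result r = {0, 0};
    uint64_t align = (thp_align && len >= HPAGE_SZ) ? HPAGE_SZ : PAGE_SZ;
    uint64_t next = 0;   /* first free address */
    for (;;) {
        uint64_t start = align_up(next, align);
        if (len == 0 || start > space || len > space - start)
            break;       /* remaining space cannot hold another mapping */
        r.gap_bytes += start - next;
        r.mappings++;
        next = start + len;
    }
    return r;
}

int main(void)
{
    uint64_t space = 4ULL << 30;        /* 4 GiB, the 32-bit limit cited above */
    uint64_t len = HPAGE_SZ + PAGE_SZ;  /* constructed request size */
    struct fill_result a = fill_space(space, len, 0), b = fill_space(space, len, 1);

    printf("page-aligned: %llu mappings, %llu gap bytes\n",
           (unsigned long long)a.mappings, (unsigned long long)a.gap_bytes);
    printf("THP-aligned:  %llu mappings, %llu gap bytes\n",
           (unsigned long long)b.mappings, (unsigned long long)b.gap_bytes);
    return 0;
}
```

In this model the 4 GiB space holds 2044 page-aligned mappings but only 1024 huge-page-aligned ones, with the difference lost to alignment gaps.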

To address the problem, the patch modifies the mm/huge_memory.c file:

// Original code
#if defined(CONFIG_ARCH_ENABLE_THP_MIGRATION) || !defined(CONFIG_64BIT)
#define HPAGE_ALIGN(addr) ((addr) & ~(HPAGE_PMD_MASK))
#else
#define HPAGE_ALIGN(addr) PAGE_ALIGN(addr)
#endif

// Fixed code
#if defined(CONFIG_ARCH_ENABLE_THP_MIGRATION) || !defined(CONFIG_64BIT) || IS_ENABLED(CONFIG_COMPAT)
#define HPAGE_ALIGN(addr) ((addr) & ~(HPAGE_PMD_MASK))
#else
#define HPAGE_ALIGN(addr) PAGE_ALIGN(addr)
#endif

By revising the HPAGE_ALIGN condition, the new patch ensures that huge page alignment won't be forced on 32-bit systems or compat userspace configurations. It's a simple change but effectively mitigates the performance issues caused by the original commit.

Exploit details

While the vulnerability has been identified and fixed, there haven't been any known exploits in the wild yet. Given that the vulnerability affects systems that are less common today (32-bit and compat userspace configurations), the overall impact of this vulnerability would have likely been limited.

Final thoughts

Linux kernel users, particularly those with 32-bit systems and compat userspace configurations, should patch their systems by updating to the latest version of the kernel. This fix eliminates performance and memory management issues resulting from forced THP alignment and ensures better stability and efficiency.

In the future, maintainers and developers need to be cautious when making changes to the kernel that impact memory management and alignment, as they may have unintended consequences on specific configurations and platforms. Collaborative efforts in identifying, reporting, and fixing these issues make the Linux community more resilient to vulnerabilities and technical challenges.

Timeline

Published on: 03/02/2024 22:15:50 UTC
Last modified on: 03/06/2024 23:15:07 UTC