https://vulnerability.circl.lu/sightings/feedMost recent sightings.2026-05-06T18:42:43.253615+00:00Vulnerability-Lookupinfo@circl.lupython-feedgenContains only the most 10 recent sightings.https://vulnerability.circl.lu/sighting/6f78f717-5b7d-4e2a-b4cd-4758f83cfd75/export6f78f717-5b7d-4e2a-b4cd-4758f83cfd752026-05-06T18:42:43.702416+00:00Automation userhttp://vulnerability.circl.lu/user/automation{"uuid": "6f78f717-5b7d-4e2a-b4cd-4758f83cfd75", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42234", "type": "seen", "source": "https://t.me/cvedetector/2707", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-42234 - Linux Kernel Folio Migration Double Free Vulnerability (DD) - memcontrol\", \n \"Content\": \"CVE ID : CVE-2024-42234 \nPublished : Aug. 7, 2024, 4:15 p.m. | 15\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nmm: fix crashes from deferred split racing folio migration \n \nEven on 6.10-rc6, I've been seeing elusive \"Bad page state\"s (often on \nflags when freeing, yet the flags shown are not bad: PG_locked had been \nset and cleared??), and VM_BUG_ON_PAGE(page_ref_count(page) == 0)s from \ndeferred_split_scan()'s folio_put(), and a variety of other BUG and WARN \nsymptoms implying double free by deferred split and large folio migration. \n \n6.7 commit 9bcef5973e31 (\"mm: memcg: fix split queue list crash when large \nfolio migration\") was right to fix the memcg-dependent locking broken in \n85ce2c517ade (\"memcontrol: only transfer the memcg data for migration\"), \nbut missed a subtlety of deferred_split_scan(): it moves folios to its own \nlocal list to work on them without split_queue_lock, during which time \nfolio->_deferred_list is not empty, but even the \"right\" lock does nothing \nto secure the folio and the list it is on. \n \nFortunately, deferred_split_scan() is careful to use folio_try_get(): so \nfolio_migrate_mapping() can avoid the race by folio_undo_large_rmappable() \nwhile the old folio's reference count is temporarily frozen to 0 - adding \nsuch a freeze in the !mapping case too (originally, folio lock and \nunmapping and no swap cache left an anon folio unreachable, so no freezing \nwas needed there: but the deferred split queue offers a way to reach it). \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"07 Aug 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-07T18:38:48.000000Z"}2024-08-07T18:38:48+00:00