= size, or !huge_pte_none(), the code will detect that new_pagecache_page == false, and so call restore_reserve_on_error(). In this case I see restore_reserve_on_error() delete the reservation, and the following call to remove_inode_hugepages() will increment h->resv_hugepages causing a 100% reproducible leak. We should treat the is_continue case similar to adding a page into the pagecache and set new_pagecache_page to true, to indicate that there is no reservation to restore on the error path, and we need not call restore_reserve_on_error(). Rename new_pagecache_page to page_in_pagecache to make that clear. "> = size,,or,!huge_pte_none(),,the,code,will,detect,that new_pagecache_page,==,false,,and,so,call,restore_reserve_on_error(). In,this,case,I,see,restore_reserve_on_error(),delete,the,reservation, and,the,following,call,to,remove_inode_hugepages(),will,increment h->resv_hugepages,causing,a,100%,reproducible,leak.,We,should,treat the,is_continue,case,similar,to,adding,a,page,into,the,pagecache,and set,new_pagecache_page,to,true,,to,indicate,that,there,is,no reservation,to,restore,on,the,error,path,,and,we,need,not,call restore_reserve_on_error().,Rename,new_pagecache_page,to page_in_pagecache,to,make,that,clear. "> SecuritySpace - CVE-2021-47214
 
English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

CVE ID:CVE-2021-47214
Description:In the Linux kernel, the following vulnerability has been resolved: hugetlb, userfaultfd: fix reservation restore on userfaultfd error Currently in the is_continue case in hugetlb_mcopy_atomic_pte(), if we bail out using "goto out_release_unlock;" in the cases where idx >= size, or !huge_pte_none(), the code will detect that new_pagecache_page == false, and so call restore_reserve_on_error(). In this case I see restore_reserve_on_error() delete the reservation, and the following call to remove_inode_hugepages() will increment h->resv_hugepages causing a 100% reproducible leak. We should treat the is_continue case similar to adding a page into the pagecache and set new_pagecache_page to true, to indicate that there is no reservation to restore on the error path, and we need not call restore_reserve_on_error(). Rename new_pagecache_page to page_in_pagecache to make that clear.
Test IDs: None available
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2021-47214
https://git.kernel.org/stable/c/b5069d44e2fbc4a9093d005b3ef0949add3dd27e
https://git.kernel.org/stable/c/b5069d44e2fbc4a9093d005b3ef0949add3dd27e
https://git.kernel.org/stable/c/cc30042df6fcc82ea18acf0dace831503e60a0b7
https://git.kernel.org/stable/c/cc30042df6fcc82ea18acf0dace831503e60a0b7



© 1998-2025 E-Soft Inc. All rights reserved.