Acknowledged
Created: Dec 16, 2025
Updated: Dec 18, 2025
Found In Version: 10.25.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 25
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:

mm/memfd: fix information leak in hugetlb folios

When allocating hugetlb folios for memfd, three initialization steps are
missing:

1. Folios are not zeroed, leading to kernel memory disclosure to userspace
2. Folios are not marked uptodate before adding to page cache
3. hugetlb_fault_mutex is not taken before hugetlb_add_to_page_cache()

The memfd allocation path bypasses the normal page fault handler
(hugetlb_no_page) which would handle all of these initialization steps.
This is problematic especially for udmabuf use cases where folios are
pinned and directly accessed by userspace via DMA.

Fix by matching the initialization pattern used in hugetlb_no_page():
- Zero the folio using folio_zero_user() which is optimized for huge pages
- Mark it uptodate with folio_mark_uptodate()
- Take hugetlb_fault_mutex before adding to page cache to prevent races

The folio_zero_user() change also fixes a potential security issue where
uninitialized kernel memory could be disclosed to userspace through read()
or mmap() operations on the memfd.