Description
extract_user_to_sg in lib/scatterlist.c in the Linux kernel before 6.4.12 fails to unpin pages in a certain situation, as demonstrated by a WARNING for try_grab_page.
References (5)
Core 5
Core References
Mailing List, Patch
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f443fd5af5dbd531f880d3645d5dd36976cf087f
Exploit, Mailing List, Third Party Advisory
https://lkml.org/lkml/2023/8/3/323
Mailing List, Patch
https://lore.kernel.org/linux-crypto/20571.1690369076%40warthog.procyon.org.uk/
Third Party Advisory
https://security.netapp.com/advisory/ntap-20231110-0009/
Scores
CVSS v3
6.3
EPSS
0.0004
EPSS Percentile
13.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
Details
Status
published
Products (5)
linux/linux_kernel
< 6.4.12
netapp/h300s_firmware
netapp/h410s_firmware
netapp/h500s_firmware
netapp/h700s_firmware
Published
Oct 16, 2023
Tracked Since
Feb 18, 2026