CVE-2024-57883
Linux Kernel vulnerability analysis and mitigation

Overview

CVE-2024-57883 affects the Linux kernel's memory management subsystem, specifically the hugetlb component. The vulnerability was discovered and disclosed in January 2025, impacting the folio refcount mechanism in the huge page table management. The issue arises because the folio refcount can be unexpectedly increased through try_get_folio() by callers such as split_huge_pages (Kernel Git).

Technical details

The vulnerability stems from an incorrect check in the huge_pmd_unshare() function, where the refcount is used to determine whether a PMD page table is shared. When the refcount is increased by certain callers like DAMON, offline_page, or page_idle, the check becomes invalid. This can lead to page table leaks, manifesting as a 'Bad page state' bug with nonzero mapcount and incorrect refcount handling (NVD).

Impact

The vulnerability results in two primary impacts: 1) The page table itself gets discarded after reporting the 'nonzero mapcount' error, and 2) The HugeTLB page mapped by the page table is never freed, since the page table is incorrectly treated as shared and shared page tables are not unmapped. This leads to memory leaks in the system (Kernel Git).

Mitigation and workarounds

The issue has been fixed by introducing an independent PMD page table shared count. The fix involves reusing the pt_share_count field for x86/arm64/riscv PMDs, which was previously used alongside pt_index/pt_mm/pt_frag_refcount for other architectures. This provides a dedicated counter for tracking shared page tables (Kernel Git).
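The difference between the two checks can be seen in a simplified user-space model. This is an added example, not kernel code or code from the fix; the struct layout and all function names other than the `pt_share_count` field name are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model of a PMD page table page (assumption, not the kernel struct). */
struct pmd_table {
    int refcount;       /* general reference count; any caller may pin it */
    int pt_share_count; /* dedicated count of additional sharers (the fix) */
    bool mapped;        /* true while the HugeTLB page is still mapped */
};

/* Models an unrelated caller taking a temporary reference, e.g. via try_get_folio(). */
static void transient_pin(struct pmd_table *pt) { pt->refcount++; }

/* Pre-fix style check: "shared" is inferred from refcount != 1. */
static bool unshare_by_refcount(struct pmd_table *pt)
{
    if (pt->refcount == 1)
        return false;   /* not shared: caller goes on to unmap */
    pt->refcount--;     /* drop what is assumed to be this mapping's share */
    return true;        /* treated as shared: caller skips the unmap */
}

/* Post-fix style check: only the dedicated counter decides. */
static bool unshare_by_share_count(struct pmd_table *pt)
{
    if (pt->pt_share_count == 0)
        return false;
    pt->pt_share_count--;
    return true;
}

/* Unmap path for an unshared table that was pinned once by an unrelated caller.
 * Returns true if the HugeTLB mapping is left behind (leaked). */
static bool leaks_after_pin(bool (*unshare)(struct pmd_table *))
{
    struct pmd_table pt = { .refcount = 1, .pt_share_count = 0, .mapped = true };
    transient_pin(&pt);
    if (!unshare(&pt))
        pt.mapped = false;  /* unmap happens only when the table is not shared */
    return pt.mapped;
}

int main(void)
{
    printf("refcount check leaks:    %d\n", leaks_after_pin(unshare_by_refcount));
    printf("share-count check leaks: %d\n", leaks_after_pin(unshare_by_share_count));
    return 0;
}
```
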

This report was generated using AI.
