{"id":"CVE-2021-47214","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nhugetlb, userfaultfd: fix reservation restore on userfaultfd error\n\nCurrently in the is_continue case in hugetlb_mcopy_atomic_pte(), if we\nbail out using \"goto out_release_unlock;\" in the cases where idx \u003e=\nsize, or !huge_pte_none(), the code will detect that new_pagecache_page\n== false, and so call restore_reserve_on_error().  In this case I see\nrestore_reserve_on_error() delete the reservation, and the following\ncall to remove_inode_hugepages() will increment h-\u003eresv_hugepages\ncausing a 100% reproducible leak.\n\nWe should treat the is_continue case similar to adding a page into the\npagecache and set new_pagecache_page to true, to indicate that there is\nno reservation to restore on the error path, and we need not call\nrestore_reserve_on_error().  Rename new_pagecache_page to\npage_in_pagecache to make that clear.","modified":"2026-03-14T11:19:02.390653Z","published":"2024-04-10T19:15:48.680Z","related":["SUSE-SU-2024:1644-1","SUSE-SU-2024:1659-1","SUSE-SU-2024:1663-1"],"references":[{"type":"FIX","url":"https://git.kernel.org/stable/c/b5069d44e2fbc4a9093d005b3ef0949add3dd27e"},{"type":"FIX","url":"https://git.kernel.org/stable/c/cc30042df6fcc82ea18acf0dace831503e60a0b7"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"5.14"},{"fixed":"5.15.5"}]},{"events":[{"introduced":"0"},{"last_affected":"5.13.13"}]},{"events":[{"introduced":"0"},{"last_affected":"5.16-rc1"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-47214.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}