Impact
A fault in the Linux kernel’s huge page handling code leaves a per‑VMA reservation map marked as consumed when a copy operation on a hugetlb folio fails, such as when the source page is hwpoisoned. This issue is a CWE-772 flaw (Missing Release of Resource after Failure); because the reservation is never restored, the memory address space within that VMA retains an unavailable reservation. A later fault on the same address follows a path that ignores the leaked reservation and, under hugetlb pool pressure, can cause the task to receive a SIGBUS, effectively terminating it or corrupting its execution.
Affected Systems
All Linux kernel installations that have not yet incorporated the patch adding restore_reserve_on_error(), regardless of distribution or kernel version. No version‑specific information is provided, so any kernel prior to the patch is considered affected.
Risk and Exploitability
This is a kernel‑level denial of service flaw that requires a successful huge page copy operation to trigger. Because the EPSS score is low (< 1%) and the vulnerability is not listed in CISA’s KEV catalog, exploitation of this bug is not widely documented. Nevertheless, the impact—forced SIGBUS due to workloads heavily reliant on huge pages under memory pressure—can terminate the affected process. The risk is amplified when an application uses UFFDIO_COPY into a private huge page VMA or triggers the rare fork‑time copy‑on‑write path, causing the leaked reservation to be reused and potentially terminating the task. The CVSS score of 5.5 indicates moderate severity.
OpenCVE Enrichment