CVEs-PoC/2021/CVE-2021-47090.md

### [CVE-2021-47090](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47090)
![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=5.10%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=b94e02822debdf0cc473556aad7dcc859f216653%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=blue)

### Description

In the Linux kernel, the following vulnerability has been resolved:mm/hwpoison: clear MF_COUNT_INCREASED before retrying get_any_page()Hulk Robot reported a panic in put_page_testzero() when testingmadvise() with MADV_SOFT_OFFLINE.  The BUG() is triggered when retryingget_any_page().  This is because we keep MF_COUNT_INCREASED flag insecond try but the refcnt is not increased.    page dumped because: VM_BUG_ON_PAGE(page_ref_count(page) == 0)    ------------[ cut here ]------------    kernel BUG at include/linux/mm.h:737!    invalid opcode: 0000 [#1] PREEMPT SMP    CPU: 5 PID: 2135 Comm: sshd Tainted: G    B             5.16.0-rc6-dirty #373    Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014    RIP: release_pages+0x53f/0x840    Call Trace:      free_pages_and_swap_cache+0x64/0x80      tlb_flush_mmu+0x6f/0x220      unmap_page_range+0xe6c/0x12c0      unmap_single_vma+0x90/0x170      unmap_vmas+0xc4/0x180      exit_mmap+0xde/0x3a0      mmput+0xa3/0x250      do_exit+0x564/0x1470      do_group_exit+0x3b/0x100      __do_sys_exit_group+0x13/0x20      __x64_sys_exit_group+0x16/0x20      do_syscall_64+0x34/0x80      entry_SYSCALL_64_after_hwframe+0x44/0xae    Modules linked in:    ---[ end trace e99579b570fe0649 ]---    RIP: 0010:release_pages+0x53f/0x840

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds