CVE-2024-36881

CVE Details

Release Date:	2024-05-30
Impact:	Moderate	What is this?

Description

In the Linux kernel, the following vulnerability has been resolved:\nmm/userfaultfd: reset ptes when close() for wr-protected ones\nUserfaultfd unregister includes a step to remove wr-protect bits from all\nthe relevant pgtable entries, but that only covered an explicit\nUFFDIO_UNREGISTER ioctl, not a close() on the userfaultfd itself. Cover\nthat too. This fixes a WARN trace.\nThe only user visible side effect is the user can observe leftover\nwr-protect bits even if the user close()ed on an userfaultfd when\nreleasing the last reference of it. However hopefully that should be\nharmless, and nothing bad should happen even if so.\nThis change is now more important after the recent page-table-check\npatch we merged in mm-unstable (446dd9ad37d0 ('mm/page_table_check:\nsupport userfault wr-protect entries')), as we'll do sanity check on\nuffd-wp bits without vma context. So it's better if we can 100%\nguarantee no uffd-wp bit leftovers, to make sure each report will be\nvalid.

See more information about CVE-2024-36881 from MITRE CVE dictionary and NIST NVD

NOTE: The following CVSS metrics and score provided are preliminary and subject to review.

CVSS v3 metrics

Base Score:	5.3
Vector String:	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H
Version:	3.1
Attack Vector:	Local
Attack Complexity:	High
Privileges Required:	Low
User Interaction:	None
Scope:	Unchanged
Confidentiality Impact:	Low
Integrity Impact:	None
Availability Impact:	High

Errata information

Platform	Errata	Release Date
Oracle Linux version 9 (kernel)	ELSA-2024-9315	2024-11-14