CVE-2017-15126

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.13.6

Description: A use-after-free flaw was found in fs/userfaultfd.c in the Linux kernel. The issue is related to the handling of fork failure when dealing with event messages. Failure to fork correctly can lead to a situation where a fork event will be removed from an already freed list of events with userfaultfd ctx put(). This flaw may allow a remote attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations: For Linux kernel versions prior to 4.13.6, update to version 4.13.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the userfaultfd ctx put() function until a patch is available.