Patrick Roy

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to the version that includes the fix for the secretmem vulnerability Description: A vulnerability in the Linux kernel has been resolved, related to the secretmem feature. The issue occurs when the memfd secret() syscall does not work correctly on certain arm64 configurations, where marking 4k PTEs in the direct map not present can only be done if the direct map is set up at 4k granularity in the first place. This means that memfd secret will seemingly "work" but does not actually achieve its goal of removing its memory from the direct map. The vulnerability is resolved by disabling the memfd secret() syscall on systems where can set direct map() returns false. Recommendations: For Linux kernel versions prior to the version that includes the fix for the secretmem vulnerability, consider disabling the memfd secret() syscall as a temporary workaround until a patch is available. Restrict access to the vulnerable secretmem feature to minimize the risk of exploitation. Avoid using the memfd secret() syscall on arm64 systems with CONFIG RODATA FULL DEFAULT ENABLED=n, CONFIG DEBUG PAGEALLOC=n, and CONFIG KFENCE=n. At the moment, there is no information about a newer version that contains a fix for this vulnerability.