Shu Han

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.6.58 **Description** A security issue has been fixed in the Linux kernel, where the remap file pages syscall handler calls do mmap() directly, which doesn't contain the LSM security check. If the process has called personality(READ IMPLIES EXEC) before and remap file pages() is called for RW pages, this will actually result in remapping the pages to RWX, bypassing a W^X policy enforced by SELinux. The bypass is similar to a previously known issue, which bypassed the same thing via AIO. **Recommendations** For Linux kernel versions prior to 6.6.58, update to version 6.6.58 or later to resolve the issue. As a temporary workaround, consider restricting the use of the remap file pages syscall handler to minimize the risk of exploitation. Additionally, avoid using the `personality(READ IMPLIES EXEC)` call before remap file pages() is called for RW pages.