PT-2024-32200 · Linux · Linux Kernel
Jann Horn
Published 2024-09-01 · Updated 2026-05-26
CVE-2024-46787
CVSS v3.1: 4.7 (Medium)
| Vector | AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.5
Description
The vulnerability is in the userfaultfd feature of the Linux kernel, specifically the pmd_trans_huge() check in mfill_atomic(). That check is racy: on older kernels (before 6.5) it can lead to a BUG_ON() or potentially worse consequences, such as accessing transhuge page contents as a page table. In addition, pmd_trans_huge() is not sufficient for detecting PMDs that do not point to page tables, which can cause further issues. The problem can be triggered by winning a single, fairly wide race, and it affects kernel versions prior to 6.5.
Recommendations
To resolve the issue, update the Linux kernel to version 6.5 or later. For kernels affected by bugs 1+2, the first fix can be backported. As a temporary workaround, consider disabling the
mfill_atomic() function until a patch is available. Restrict access to the vulnerable pmd_trans_huge() function to minimize the risk of exploitation. Avoid using the UFFDIO_ZEROPAGE ioctl on affected kernels until the issue is resolved.
Exploit
Fix
Weakness Enumeration
Race Condition
Affected Products
Debian
Linuxmint
Linux Kernel
Red Hat
Suse
Ubuntu