PT-2025-3662 · Linux · Linux Kernel

Published 2024-11-28 · Updated 2026-01-14 · CVE-2024-57937

CVSS v2.0: 4.9 (Medium)
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
The vulnerable software is the Linux kernel. The issue is a regression in the kernel's memory management subsystem, specifically in the handling of write-sealed memfd mappings. It was introduced by a commit that moved the check for mapping writability to before the shmem mmap hook is invoked, which effectively undid an earlier change that allowed write-sealed memfd mappings to be mapped read-only. The regression was fixed by reworking the memfd seal logic and moving the writability check to a more appropriate place in the code. With the fix, write-sealed mappings can again be mapped read-only, and mprotect cannot be used to undo the write seal. A regression test was also added to catch similar regressions in the future.

The vulnerable versions are not explicitly stated, but the issue was resolved in a patch series. No information is available on the number of Internet users who may be affected by this issue. More information about the patch series can be found at https://t.co/ER5h8NEnOI and https://t.co/gyRLkTB2gn.
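As an added illustration (this is not part of the advisory text and not the kernel's own regression selftest), the following C probe checks the three behaviours the description attributes to a fixed kernel: a writable shared mapping of a write-sealed memfd is refused, a read-only shared mapping is accepted, and mprotect cannot add write permission afterwards. The memfd name "seal-probe", the one-page size and the numeric status codes are assumptions of this example; the behaviour it checks is exactly what the description says the regression broke and the fix restored.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

#define PAGE 4096

/* Probe the behaviour of a write-sealed memfd on the running kernel.
 * Returns 0 when the kernel behaves as the fixed kernel should, or a
 * negative step code identifying the first deviation:
 *   -1  memfd_create() not available here
 *   -2  could not size or write-seal the memfd
 *   -3  a writable shared mapping of the sealed memfd was allowed
 *   -4  a read-only shared mapping was refused (the regression behaviour,
 *       also seen on kernels that never supported read-only mappings of
 *       write-sealed memfds)
 *   -5  mprotect() was able to add PROT_WRITE to the read-only mapping
 */
int probe_write_sealed_memfd(void)
{
    /* "seal-probe" is an arbitrary name chosen for this example. */
    int fd = memfd_create("seal-probe", MFD_CLOEXEC | MFD_ALLOW_SEALING);
    if (fd < 0)
        return -1;
    if (ftruncate(fd, PAGE) < 0 || fcntl(fd, F_ADD_SEALS, F_SEAL_WRITE) < 0) {
        close(fd);
        return -2;
    }

    /* Step 1: a writable shared mapping must be refused once F_SEAL_WRITE is set. */
    void *w = mmap(NULL, PAGE, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    if (w != MAP_FAILED) {
        munmap(w, PAGE);
        close(fd);
        return -3;
    }

    /* Step 2: a read-only shared mapping must succeed.  The regression moved
     * the writability check ahead of the shmem mmap hook, so even PROT_READ
     * mappings of a sealed memfd were rejected. */
    void *r = mmap(NULL, PAGE, PROT_READ, MAP_SHARED, fd, 0);
    if (r == MAP_FAILED) {
        close(fd);
        return -4;
    }

    /* Step 3: the seal must survive mprotect(); if write permission could be
     * added here, the read-only mapping would be a way around the seal. */
    int rc = mprotect(r, PAGE, PROT_READ | PROT_WRITE);
    munmap(r, PAGE);
    close(fd);
    return rc == 0 ? -5 : 0;
}

int main(void)
{
    int rc = probe_write_sealed_memfd();
    switch (rc) {
    case 0:  puts("OK: sealed memfd maps read-only and mprotect cannot unseal it"); break;
    case -1: puts("SKIP: memfd_create not available"); break;
    case -2: puts("SKIP: could not size or seal the memfd"); break;
    case -3: puts("FAIL: writable mapping of a write-sealed memfd was allowed"); break;
    case -4: puts("FAIL: read-only mapping refused (regression behaviour)"); break;
    case -5: puts("FAIL: mprotect added write permission to a sealed mapping"); break;
    default: puts("FAIL: unexpected status"); break;
    }
    return rc == 0 ? 0 : 1;
}
```

Run it on a kernel that carries the regression and it reports the read-only mapping being refused; on a fixed kernel it reports OK. Steps 1 and 3 are the security-relevant invariants (the seal is never bypassed) and should hold on any kernel; step 2 is the availability regression this advisory describes.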

Fix

Weakness Enumeration

Related Identifiers

BDU:2025-01774
CVE-2024-57937

Affected Products

Linux Kernel
Red Os