In the Linux kernel, the following vulnerability has been resolved:
userfaultfd: change src_folio after ensuring it’s unpinned in UFFDIO_MOVE
Commit d7a08838ab74 (“mm: userfaultfd: fix unexpected change to src_folio
when UFFDIO_MOVE fails”) moved the src_folio->{mapping, index} changing to
after clearing the page-table and ensuring that it’s not pinned. This
avoids failure of swapout+migration and possibly memory corruption.
However, the commit missed fixing it in the huge-page case.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 24.04 | noarch | linux | < 6.8.0-38.38 | UNKNOWN |
ubuntu | 24.04 | noarch | linux-aws | < 6.8.0-1011.12 | UNKNOWN |
ubuntu | 24.04 | noarch | linux-azure | < 6.8.0-1010.10 | UNKNOWN |
ubuntu | 24.04 | noarch | linux-gcp | < 6.8.0-1010.11 | UNKNOWN |
ubuntu | 24.04 | noarch | linux-gke | < 6.8.0-1006.9 | UNKNOWN |
ubuntu | 24.04 | noarch | linux-ibm | < 6.8.0-1008.8 | UNKNOWN |
ubuntu | 24.04 | noarch | linux-intel | < 6.8.0-1007.14 | UNKNOWN |
ubuntu | 24.04 | noarch | linux-lowlatency | < 6.8.0-38.38.1 | UNKNOWN |
ubuntu | 24.04 | noarch | linux-nvidia | < 6.8.0-1009.9 | UNKNOWN |
ubuntu | 24.04 | noarch | linux-oem-6.8 | < 6.8.0-1008.8 | UNKNOWN |
git.kernel.org/linus/c0205eaf3af9f5db14d4b5ee4abacf4a583c3c50 (6.9-rc5)
git.kernel.org/stable/c/c0205eaf3af9f5db14d4b5ee4abacf4a583c3c50
git.kernel.org/stable/c/df5f6e683e7f21a15d8be6e7a0c7a46436963ebe
launchpad.net/bugs/cve/CVE-2024-27007
nvd.nist.gov/vuln/detail/CVE-2024-27007
security-tracker.debian.org/tracker/CVE-2024-27007
ubuntu.com/security/notices/USN-6893-1
ubuntu.com/security/notices/USN-6893-2
ubuntu.com/security/notices/USN-6893-3
ubuntu.com/security/notices/USN-6918-1
www.cve.org/CVERecord?id=CVE-2024-27007