AI Score
Confidence
Low
EPSS
Percentile
15.5%
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
In the Linux kernel, the following vulnerability has been resolved:
userfaultfd: fix a race between writeprotect and exit_mmap()
A race is possible when a process exits, its VMAs are removed by
exit_mmap() and at the same time userfaultfd_writeprotect() is called.
The race was detected by KASAN on a development kernel, but it appears
to be possible on vanilla kernels as well.
Use mmget_not_zero() to prevent the race as done in other userfaultfd
operations.
[
{
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"product": "Linux",
"versions": [
{
"status": "affected",
"version": "63b2d4174c4a",
"lessThan": "3cda4bfffd4f",
"versionType": "git"
},
{
"status": "affected",
"version": "63b2d4174c4a",
"lessThan": "149958ecd062",
"versionType": "git"
},
{
"status": "affected",
"version": "63b2d4174c4a",
"lessThan": "cb185d5f1ebf",
"versionType": "git"
}
],
"programFiles": [
"fs/userfaultfd.c"
],
"defaultStatus": "unaffected"
},
{
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"product": "Linux",
"versions": [
{
"status": "affected",
"version": "5.7"
},
{
"status": "unaffected",
"version": "0",
"lessThan": "5.7",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "5.10.76",
"versionType": "custom",
"lessThanOrEqual": "5.10.*"
},
{
"status": "unaffected",
"version": "5.14.15",
"versionType": "custom",
"lessThanOrEqual": "5.14.*"
},
{
"status": "unaffected",
"version": "5.15",
"versionType": "original_commit_for_fix",
"lessThanOrEqual": "*"
}
],
"programFiles": [
"fs/userfaultfd.c"
],
"defaultStatus": "affected"
}
]