Bug 2300385 (CVE-2024-41027) - CVE-2024-41027 kernel: Fix userfaultfd_api to return EINVAL as expected
Summary: CVE-2024-41027 kernel: Fix userfaultfd_api to return EINVAL as expected
Keywords:
Status: NEW
Alias: CVE-2024-41027
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2301520
Blocks:
Reported: 2024-07-29 15:21 UTC by OSIDB Bzimport
Modified: 2024-09-24 13:51 UTC

Fixed In Version: kernel 5.15.163, kernel 6.1.100, kernel 6.6.41, kernel 6.9.10, kernel 6.10
Clone Of:
Environment:
Last Closed:
Embargoed:

Description OSIDB Bzimport 2024-07-29 15:21:34 UTC
In the Linux kernel, the following vulnerability has been resolved:

Fix userfaultfd_api to return EINVAL as expected

Currently if we request a feature that is not set in the Kernel config we
fail silently and return all the available features.  However, the man
page indicates we should return an EINVAL.

We need to fix this issue since we can end up with a Kernel warning should
a program request the feature UFFD_FEATURE_WP_UNPOPULATED on a kernel with
the config not set with this feature.

 [  200.812896] WARNING: CPU: 91 PID: 13634 at mm/memory.c:1660 zap_pte_range+0x43d/0x660
 [  200.820738] Modules linked in:
 [  200.869387] CPU: 91 PID: 13634 Comm: userfaultfd Kdump: loaded Not tainted 6.9.0-rc5+ #8
 [  200.877477] Hardware name: Dell Inc. PowerEdge R6525/0N7YGH, BIOS 2.7.3 03/30/2022
 [  200.885052] RIP: 0010:zap_pte_range+0x43d/0x660
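
Added example (not part of the bug report or the upstream patch): a small C probe that performs the UFFDIO_API handshake discussed above and reports whether the running kernel rejects an unavailable feature with EINVAL or returns success without granting it. The function names and the verdict enum are hypothetical names chosen for this example, and the fallback define is only for older uapi headers.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/syscall.h>
#include <unistd.h>
#include <linux/userfaultfd.h>

#ifndef UFFD_FEATURE_WP_UNPOPULATED   /* fallback for older uapi headers */
#define UFFD_FEATURE_WP_UNPOPULATED (1 << 13)
#endif

/* Hypothetical verdict names, used only in this example. */
enum uffd_verdict { UFFD_GRANTED, UFFD_REJECTED_EINVAL,
                    UFFD_SILENT_FAILURE, UFFD_INCONCLUSIVE };

/* rc/err: ioctl result and errno; returned: uffdio_api.features after the call. */
enum uffd_verdict uffd_classify(int rc, int err, uint64_t requested, uint64_t returned)
{
    if (rc == 0)   /* success must mean every requested bit was granted */
        return (returned & requested) == requested ? UFFD_GRANTED : UFFD_SILENT_FAILURE;
    return err == EINVAL ? UFFD_REJECTED_EINVAL : UFFD_INCONCLUSIVE;
}

/* Handshake only: no memory is registered with the userfaultfd. */
enum uffd_verdict uffd_probe(uint64_t requested)
{
    struct uffdio_api api;
    int fd = (int)syscall(SYS_userfaultfd, O_CLOEXEC | O_NONBLOCK);
    if (fd < 0)    /* ENOSYS, EPERM (sysctl or seccomp), ... */
        return UFFD_INCONCLUSIVE;
    memset(&api, 0, sizeof(api));
    api.api = UFFD_API;
    api.features = requested;
    int rc = ioctl(fd, UFFDIO_API, &api);
    int err = errno;
    close(fd);
    return uffd_classify(rc, err, requested, api.features);
}

int main(void)
{
    static const char *names[] = { "granted", "rejected with EINVAL",
        "success without the feature (silent failure)", "inconclusive" };
    printf("UFFD_FEATURE_WP_UNPOPULATED: %s\n", names[uffd_probe(UFFD_FEATURE_WP_UNPOPULATED)]);
    return 0;
}
```

A "silent failure" verdict corresponds to the behaviour the description says was fixed; "rejected with EINVAL" is the documented behaviour when the feature is unavailable.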

Comment 1 Mauro Matteo Cascella 2024-07-30 08:40:33 UTC
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024072920-CVE-2024-41027-24c4@gregkh/T

Comment 2 Mauro Matteo Cascella 2024-07-30 08:40:53 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2301520]

