CVE-2021-47461

Summary

In the Linux kernel, the following vulnerability has been resolved:

userfaultfd: fix a race between writeprotect and exit_mmap()

A race is possible when a process exits, its VMAs are removed by exit_mmap() and at the same time userfaultfd_writeprotect() is called.

The race was detected by KASAN on a development kernel, but it appears to be possible on vanilla kernels as well.

Use mmget_not_zero() to prevent the race as done in other userfaultfd operations.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux63b2d4174c4ad1f40b48d7138e71bcb564c1fe03 < 3cda4bfffd4f755645577aaa9e96a606657b4525affected
LinuxLinux63b2d4174c4ad1f40b48d7138e71bcb564c1fe03 < 149958ecd0627a9f1e9c678c25c665400054cd6aaffected
LinuxLinux63b2d4174c4ad1f40b48d7138e71bcb564c1fe03 < cb185d5f1ebf900f4ae3bf84cee212e6dd035acaaffected
LinuxLinux5.7affected
LinuxLinux0 < 5.7unaffected
LinuxLinux5.10.76 <= 5.10.*unaffected
LinuxLinux5.14.15 <= 5.14.*unaffected
LinuxLinux5.15 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References