CVE-2024-46838

Summary

In the Linux kernel, the following vulnerability has been resolved:

userfaultfd: don't BUG_ON() if khugepaged yanks our page table

Since khugepaged was changed to allow retracting page tables in file mappings without holding the mmap lock, these BUG_ON()s are wrong - get rid of them.

We could also remove the preceding "if (unlikely(…))" block, but then we could reach pte_offset_map_lock() with transhuge pages not just for file mappings but also for anonymous mappings - which would probably be fine but I think is not necessarily expected.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux1d65b771bc08cd054cf6d3766a72e113dc46d62f < 4a594acc12d5954cdc71d4450a386748bf3d136aaffected
LinuxLinux1d65b771bc08cd054cf6d3766a72e113dc46d62f < db978287e908d48b209e374b00d847b2d785e0a9affected
LinuxLinux1d65b771bc08cd054cf6d3766a72e113dc46d62f < 4828d207dc5161dc7ddf9a4f6dcfd80c7dd7d20aaffected
LinuxLinux6.6affected
LinuxLinux0 < 6.6unaffected
LinuxLinux6.6.51 <= 6.6.*unaffected
LinuxLinux6.10.10 <= 6.10.*unaffected
LinuxLinux6.11 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References