CVE-2024-27007

Description

In the Linux kernel, the following vulnerability has been resolved: userfaultfd: change src_folio after ensuring it's unpinned in UFFDIO_MOVE Commit d7a08838ab74 ("mm: userfaultfd: fix unexpected change to src_folio when UFFDIO_MOVE fails") moved the src_folio->{mapping, index} changing to after clearing the page-table and ensuring that it's not pinned. This avoids failure of swapout+migration and possibly memory corruption. However, the commit missed fixing it in the huge-page case.

Reserved 2024-02-19 | Published 2024-05-01 | Updated 2024-12-19 | Assigner Linux

Product status

Default status
unaffected

adef440691bab824e39c1b17382322d195e1fab0 before df5f6e683e7f21a15d8be6e7a0c7a46436963ebe
affected

adef440691bab824e39c1b17382322d195e1fab0 before c0205eaf3af9f5db14d4b5ee4abacf4a583c3c50
affected

Default status
affected

6.8
affected

Any version before 6.8
unaffected

6.8.8
unaffected

6.9
unaffected

References

git.kernel.org/...c/df5f6e683e7f21a15d8be6e7a0c7a46436963ebe

git.kernel.org/...c/c0205eaf3af9f5db14d4b5ee4abacf4a583c3c50

cve.org (CVE-2024-27007)

nvd.nist.gov (CVE-2024-27007)

Download JSON