In the Linux kernel, the following vulnerability has been resolved: userfaultfd: fix a race between writeprotect and exit_mmap() A race is possible when a process exits, its VMAs are removed by exit_mmap() and at the same time userfaultfd_writeprotect() is called. The race was detected by KASAN on a development kernel, but it appears to be possible on vanilla kernels as well. Use mmget_not_zero() to prevent the race as done in other userfaultfd operations.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | linux | < 5.14.16-1 | linux_5.14.16-1_all.deb |
Debian | 11 | all | linux | < 5.10.84-1 | linux_5.10.84-1_all.deb |
Debian | 999 | all | linux | < 5.14.16-1 | linux_5.14.16-1_all.deb |
Debian | 13 | all | linux | < 5.14.16-1 | linux_5.14.16-1_all.deb |