// For flags

CVE-2024-36943

fs/proc/task_mmu: fix loss of young/dirty bits during pagemap scan

Severity Score

"-"
*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

In the Linux kernel, the following vulnerability has been resolved:

fs/proc/task_mmu: fix loss of young/dirty bits during pagemap scan

make_uffd_wp_pte() was previously doing:

pte = ptep_get(ptep);
ptep_modify_prot_start(ptep);
pte = pte_mkuffd_wp(pte);
ptep_modify_prot_commit(ptep, pte);

But if another thread accessed or dirtied the pte between the first 2
calls, this could lead to loss of that information. Since
ptep_modify_prot_start() gets and clears atomically, the following is the
correct pattern and prevents any possible race. Any access after the
first call would see an invalid pte and cause a fault:

pte = ptep_modify_prot_start(ptep);
pte = pte_mkuffd_wp(pte);
ptep_modify_prot_commit(ptep, pte);

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fs/proc/task_mmu: corrige la pérdida de bits jóvenes/sucios durante el escaneo del mapa de páginas que make_uffd_wp_pte() estaba haciendo anteriormente: pte = ptep_get(ptep); ptep_modify_prot_start(ptep); pte = pte_mkuffd_wp(pte); ptep_modify_prot_commit(ptep,pte); Pero si otro hilo accedió o ensució el pte entre las 2 primeras llamadas, esto podría provocar la pérdida de esa información. Dado que ptep_modify_prot_start() obtiene y borra atómicamente, el siguiente es el patrón correcto y evita cualquier posible ejecución. Cualquier acceso después de la primera llamada vería un pte no válido y provocaría una falla: pte = ptep_modify_prot_start(ptep); pte = pte_mkuffd_wp(pte); ptep_modify_prot_commit(ptep,pte);

*Credits: N/A
CVSS Scores
Attack Vector
-
Attack Complexity
-
Privileges Required
-
User Interaction
-
Scope
-
Confidentiality
-
Integrity
-
Availability
-
* Common Vulnerability Scoring System
SSVC
  • Decision:Track
Exploitation
None
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-05-30 CVE Reserved
  • 2024-05-30 CVE Published
  • 2024-05-31 EPSS Updated
  • 2024-12-19 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 6.7 < 6.8.10
Search vendor "Linux" for product "Linux Kernel" and version " >= 6.7 < 6.8.10"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 6.7 < 6.9
Search vendor "Linux" for product "Linux Kernel" and version " >= 6.7 < 6.9"
en
Affected