mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
113 lines
5.8 KiB
JSON
113 lines
5.8 KiB
JSON
|
{
|
||
|
|
"data_version": "4.0",
|
||
|
|
"data_type": "CVE",
|
||
|
|
"data_format": "MITRE",
|
||
|
|
"CVE_data_meta": {
|
||
|
|
"ID": "CVE-2024-36881",
|
||
|
|
"ASSIGNER": "cve@kernel.org",
|
||
|
|
"STATE": "PUBLIC"
|
||
|
|
},
|
||
|
|
"description": {
|
||
|
|
"description_data": [
|
||
|
|
{
|
||
|
|
"lang": "eng",
|
||
|
|
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/userfaultfd: reset ptes when close() for wr-protected ones\n\nUserfaultfd unregister includes a step to remove wr-protect bits from all\nthe relevant pgtable entries, but that only covered an explicit\nUFFDIO_UNREGISTER ioctl, not a close() on the userfaultfd itself. Cover\nthat too. This fixes a WARN trace.\n\nThe only user visible side effect is the user can observe leftover\nwr-protect bits even if the user close()ed on an userfaultfd when\nreleasing the last reference of it. However hopefully that should be\nharmless, and nothing bad should happen even if so.\n\nThis change is now more important after the recent page-table-check\npatch we merged in mm-unstable (446dd9ad37d0 (\"mm/page_table_check:\nsupport userfault wr-protect entries\")), as we'll do sanity check on\nuffd-wp bits without vma context. So it's better if we can 100%\nguarantee no uffd-wp bit leftovers, to make sure each report will be\nvalid."
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
"problemtype": {
|
||
|
|
"problemtype_data": [
|
||
|
|
{
|
||
|
|
"description": [
|
||
|
|
{
|
||
|
|
"lang": "eng",
|
||
|
|
"value": "n/a"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
"affects": {
|
||
|
|
"vendor": {
|
||
|
|
"vendor_data": [
|
||
|
|
{
|
||
|
|
"vendor_name": "Linux",
|
||
|
|
"product": {
|
||
|
|
"product_data": [
|
||
|
|
{
|
||
|
|
"product_name": "Linux",
|
||
|
|
"version": {
|
||
|
|
"version_data": [
|
||
|
|
{
|
||
|
|
"version_affected": "<",
|
||
|
|
"version_name": "f369b07c8614",
|
||
|
|
"version_value": "377f3a9a3d03"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"version_value": "not down converted",
|
||
|
|
"x_cve_json_5_version_data": {
|
||
|
|
"versions": [
|
||
|
|
{
|
||
|
|
"version": "6.0",
|
||
|
|
"status": "affected"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"version": "0",
|
||
|
|
"lessThan": "6.0",
|
||
|
|
"status": "unaffected",
|
||
|
|
"versionType": "custom"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"version": "6.6.31",
|
||
|
|
"lessThanOrEqual": "6.6.*",
|
||
|
|
"status": "unaffected",
|
||
|
|
"versionType": "custom"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"version": "6.8.10",
|
||
|
|
"lessThanOrEqual": "6.8.*",
|
||
|
|
"status": "unaffected",
|
||
|
|
"versionType": "custom"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"version": "6.9",
|
||
|
|
"lessThanOrEqual": "*",
|
||
|
|
"status": "unaffected",
|
||
|
|
"versionType": "original_commit_for_fix"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"defaultStatus": "affected"
|
||
|
|
}
|
||
|
|
}
|
||
|
|
]
|
||
|
|
}
|
||
|
|
}
|
||
|
|
]
|
||
|
|
}
|
||
|
|
}
|
||
|
|
]
|
||
|
|
}
|
||
|
|
},
|
||
|
|
"references": {
|
||
|
|
"reference_data": [
|
||
|
|
{
|
||
|
|
"url": "https://git.kernel.org/stable/c/377f3a9a3d032a52325a5b110379a25dd1ab1931",
|
||
|
|
"refsource": "MISC",
|
||
|
|
"name": "https://git.kernel.org/stable/c/377f3a9a3d032a52325a5b110379a25dd1ab1931"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"url": "https://git.kernel.org/stable/c/8d8b68a5b0c9fb23d37df06bb273ead38fd5a29d",
|
||
|
|
"refsource": "MISC",
|
||
|
|
"name": "https://git.kernel.org/stable/c/8d8b68a5b0c9fb23d37df06bb273ead38fd5a29d"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"url": "https://git.kernel.org/stable/c/c88033efe9a391e72ba6b5df4b01d6e628f4e734",
|
||
|
|
"refsource": "MISC",
|
||
|
|
"name": "https://git.kernel.org/stable/c/c88033efe9a391e72ba6b5df4b01d6e628f4e734"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
},
|
||
|
|
"generator": {
|
||
|
|
"engine": "bippy-a5840b7849dd"
|
||
|
|
}
|
||
|
|
}
|